Adam Barth

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0 Apple iTunes (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple Safari versions prior to 6.0, update to version 6.0 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 5.1.1 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 12.0 Firefox ESR versions 10.x before 10.0.5 Thunderbird versions 5.0 through 12.0 Thunderbird ESR versions 10.x before 10.0.5 SeaMonkey versions prior to 2.10 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document because the Content Security Policy (CSP) implementation does not block inline event handlers. This makes it easier for attackers to exploit the vulnerability. Additionally, the vulnerability can be triggered if the security policy is not properly configured to block pop-up windows, allowing an attacker to bypass cross-site scripting protection. **Recommendations** For Mozilla Firefox versions 4.x through 12.0, update to a version after 12.0 or apply the necessary security patches. For Firefox ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For Thunderbird versions 5.0 through 12.0, update to a version after 12.0 or apply the necessary security patches. For Thunderbird ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For SeaMonkey versions prior to 2.10, update to version 2.10 or later. As a temporary workaround, consider disabling inline event handlers in the Content Security Policy (CSP) until a patch is available. Restrict access to potentially vulnerable HTML documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 5.1 **Description** A cross-site scripting (XSS) issue exists, allowing user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. **Recommendations** For versions prior to 5.1, update to version 5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 10.5 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.5, update to version 10.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android browser (affected versions not specified) **Description** The issue is related to the Android browser's inability to properly restrict modifications to cookies established in HTTPS sessions. This allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response. The problem is connected to the lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, which is described as a "cookie forcing" issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue is related to Microsoft Internet Explorer's inability to properly restrict modifications to cookies established in HTTPS sessions. This allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response. The problem is connected to the lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, which is described as a "cookie forcing" issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple Safari versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 1.0.154.53 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script by modifying the CONNECT response from a proxy server. This is achieved by using the HTTP Host header to determine the context of a document provided in a 4xx or 5xx CONNECT response. **Recommendations** For versions prior to 1.0.154.53, update to version 1.0.154.53 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 1.0.154.53 **Description** The issue allows man-in-the-middle attackers to spoof an arbitrary https site. This is done by letting a browser obtain a valid certificate from the site during one request and then sending the browser a crafted 502 response page upon a subsequent request. The problem occurs when Google Chrome displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server. **Recommendations** For Google Chrome versions prior to 1.0.154.53, update to version 1.0.154.53 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 3.0.11 Description: The issue allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document. This is achieved through a "file-URL-to-file-URL scripting" attack, where an incorrect principal is associated with a file: URL loaded through the location bar. Recommendations: For versions prior to 3.0.11, update to version 3.0.11 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via specific vectors related to determining a security context, using an approach that does not follow the "HTML 5 standard method". Recommendations: For Apple Safari versions prior to 4.0, update to version 4.0 or later. For iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1. For iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 Description: A cross-site scripting (XSS) issue exists in Web Inspector in WebKit, allowing user-assisted remote attackers to inject arbitrary web script or HTML and read local files. This occurs due to incorrect privileges during script execution. Recommendations: For versions prior to 4.0, update to version 4.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. This enables attackers to execute malicious scripts on affected devices. Recommendations: For Apple Safari versions prior to 4.0, update to version 4.0 or later. For iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1. For iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via submission of a form to the "about:blank" URL, leading to security-context replacement. Recommendations: For Apple Safari versions prior to 4.0, update to version 4.0 or later. For iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1. For iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 3.1 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the `document.domain` property or have the same `document.domain`. **Recommendations** For versions prior to 3.1, update to version 3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 3.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the document.domain property. **Recommendations** For versions prior to 3.1, update to version 3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 3.1 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by using the `window.open` function to change the security context of a web page. **Recommendations** For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `window.open` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 3.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. **Recommendations** For versions prior to 3.1, update to version 3.1 or later to resolve the issue.