Kuzzcc

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.7 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple iTunes versions prior to 10.7, update to version 10.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.7 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple iTunes versions prior to 10.7, update to version 10.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0 Apple iTunes (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple Safari versions prior to 6.0, update to version 6.0 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 11.0.696.57 **Description** The issue allows remote attackers to spoof the URL bar via vectors involving a navigation error or an interrupted load. **Recommendations** For versions prior to 11.0.696.57, update to version 11.0.696.57 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.2 on Windows **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.2 on Windows, update to version 10.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.2 on Windows **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.2 on Windows, update to version 10.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.3 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1.3 on Mac OS X 10.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving Geolocation objects. This can result in an application crash. **Recommendations** For Apple Safari versions prior to 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0.3 or later. For Apple Safari versions prior to 4.1.3 on Mac OS X 10.4, update to version 4.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 6.0.472.59 **Description** The issue is related to the improper implementation of Geolocation in Google Chrome, allowing remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. **Recommendations** For versions prior to 6.0.472.59, update to version 6.0.472.59 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 6.0.472.53 webkitgtk versions prior to 1.2.6 **Description** The issue is related to the improper handling of counter nodes, which can be exploited by remote attackers to cause a denial of service due to memory corruption, and possibly have other unspecified impacts. The exact vectors used for the attack are not specified. **Recommendations** For Google Chrome versions prior to 6.0.472.53, update to version 6.0.472.53 or later to resolve the issue. For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1.1 on Mac OS X 10.4 webkitgtk versions prior to 1.2.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted regular expression. **Recommendations** For Apple Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0.1 or later. For Apple Safari versions prior to 4.1.1 on Mac OS X 10.4, update to version 4.1.1 or later. For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows Apple Safari versions prior to 4.1 on Mac OS X 10.4 **Description** The issue allows user-assisted remote attackers to execute arbitrary code or cause a denial of service, specifically an application crash, via certain vectors involving a window close action during a drag-and-drop operation. **Recommendations** For Apple Safari versions prior to 5.0 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0 or later. For Apple Safari versions prior to 4.1 on Mac OS X 10.4, update to version 4.1 or later.