CVE-2010-0924

Name of the Vulnerable Software and Affected Versions Apple Safari versions 4.0.3 through 4.0.4

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash, by providing a long string in the BACKGROUND attribute of a BODY element. This is related to the cfnetwork.dll component in CFNetwork, used by safari.exe.

Recommendations For Apple Safari versions 4.0.3 through 4.0.4, consider avoiding the use of long strings in the BACKGROUND attribute of BODY elements until a fix is available. As a temporary workaround, restrict the input allowed for the BACKGROUND attribute to prevent potential crashes.