CVE-2010-1396

Published: Jun 11, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.

Affected (8)

Products: Apple: Safari, Webkit

2 products

Configuration A

32 platform

Running on/with	Platform Versions
Apple Mac Os X	Version 10.5.0
Apple Mac Os X	Version 10.5.1
Apple Mac Os X	Version 10.5.2
Apple Mac Os X	Version 10.5.3
Apple Mac Os X	Version 10.5.4
Apple Mac Os X	Version 10.5.5
Apple Mac Os X	Version 10.5.6
Apple Mac Os X	Version 10.5.7
Apple Mac Os X	Version 10.5.8
Apple Mac Os X	Version 10.5
Apple Mac Os X	Version 10.6.0
Apple Mac Os X	Version 10.6.1
Apple Mac Os X	Version 10.6.2
Apple Mac Os X	Version 10.6.3
Apple Mac Os X Server	Version 10.5.0
Apple Mac Os X Server	Version 10.5.1
Apple Mac Os X Server	Version 10.5.2
Apple Mac Os X Server	Version 10.5.3
Apple Mac Os X Server	Version 10.5.4
Apple Mac Os X Server	Version 10.5.5
Apple Mac Os X Server	Version 10.5.6
Apple Mac Os X Server	Version 10.5.7
Apple Mac Os X Server	Version 10.5.8
Apple Mac Os X Server	Version 10.5
Apple Mac Os X Server	Version 10.6.0
Apple Mac Os X Server	Version 10.6.1
Apple Mac Os X Server	Version 10.6.2
Apple Mac Os X Server	Version 10.6.3
Microsoft Windows 7	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration B

8 vulnerable · 26 platform

Vulnerable Software	Affected Versions
Apple Safari	Up to 4.0.5
Apple Safari	Version 4.0.0b
Apple Safari	Version 4.0.1
Apple Safari	Version 4.0.2
Apple Safari	Version 4.0.3
Apple Safari	Version 4.0.4
Apple Safari	Version 4.0
Apple Webkit	All versions

Running on/with	Platform Versions
Apple Mac Os X	Version 10.4.0
Apple Mac Os X	Version 10.4.10
Apple Mac Os X	Version 10.4.11
Apple Mac Os X	Version 10.4.1
Apple Mac Os X	Version 10.4.2
Apple Mac Os X	Version 10.4.3
Apple Mac Os X	Version 10.4.4
Apple Mac Os X	Version 10.4.5
Apple Mac Os X	Version 10.4.6
Apple Mac Os X	Version 10.4.7
Apple Mac Os X	Version 10.4.8
Apple Mac Os X	Version 10.4.9
Apple Mac Os X	Version 10.4
Apple Mac Os X Server	Version 10.4.0
Apple Mac Os X Server	Version 10.4.10
Apple Mac Os X Server	Version 10.4.11
Apple Mac Os X Server	Version 10.4.1
Apple Mac Os X Server	Version 10.4.2
Apple Mac Os X Server	Version 10.4.3
Apple Mac Os X Server	Version 10.4.4
Apple Mac Os X Server	Version 10.4.5
Apple Mac Os X Server	Version 10.4.6
Apple Mac Os X Server	Version 10.4.7
Apple Mac Os X Server	Version 10.4.8
Apple Mac Os X Server	Version 10.4.9
Apple Mac Os X Server	Version 10.4

Related CWEs

References (46)

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

Source: product-security@apple.com

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: product-security@apple.com

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: product-security@apple.com

http://secunia.com/advisories/40105

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/40196

Source: product-security@apple.com

http://secunia.com/advisories/41856

Source: product-security@apple.com

http://secunia.com/advisories/43068

Source: product-security@apple.com

http://securitytracker.com/id?1024067

Source: product-security@apple.com

http://support.apple.com/kb/HT4196

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT4220

Source: product-security@apple.com

http://support.apple.com/kb/HT4225

Source: product-security@apple.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: product-security@apple.com

http://www.securityfocus.com/bid/40620

Source: product-security@apple.com

Patch

http://www.securityfocus.com/bid/40647

Source: product-security@apple.com

http://www.ubuntu.com/usn/USN-1006-1

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2010/1373

Source: product-security@apple.com

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/1512

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2010/2722

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0212

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0552

Source: product-security@apple.com

http://www.zerodayinitiative.com/advisories/ZDI-10-092

Source: product-security@apple.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7288

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40105

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40196

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/41856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1024067

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4196

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT4220

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4225

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/40620

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/40647

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1006-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1373

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/1512

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2722

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0552

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-10-092

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7288

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.