Description
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
Affected products
- Apple / Safari4.0.5
- Apple / webkit
- Canonical / Ubuntu Linux10.04 – 10.04
- Canonical / Ubuntu Linux10.04.4 – 10.04.4
- Canonical / Ubuntu Linux10.10 – 10.10
- Canonical / Ubuntu Linux9.10 – 9.10
- Google / Chrome5.0.375.70
- openSUSE / opensuse11.2 – 11.2
- openSUSE / opensuse11.3 – 11.3
- SUSE / suse_linux_enterprise_desktop10 – 10
- SUSE / suse_linux_enterprise_desktop11 – 11
- SUSE / SUSE Linux Enterprise Server10 – 10
- SUSE / SUSE Linux Enterprise Server11 – 11
References
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4220
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2722
- VENDOR_ADVISORYhttp://secunia.com/advisories/43068
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
- VENDOR_ADVISORYhttp://zerodayinitiative.com/advisories/ZDI-10-093/
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4334
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1006-1
- VENDOR_ADVISORYhttp://secunia.com/advisories/41856
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0212
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/40072
- VENDOR_ADVISORYhttp://secunia.com/advisories/40196
- VENDOR_ADVISORYhttp://secunia.com/advisories/40105
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1373
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/42314
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1512
- MISChttp://www.securityfocus.com/bid/40620
- MISChttp://code.google.com/p/chromium/issues/detail?id=43487
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0552
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4456
- MISChttp://securitytracker.com/id?1024067
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4196
- MISChttp://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html