WebKit in Apple Safari before 5.0 or Apple iTunes before 9.2 on Windows, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
The host is installed with Apple Safari before 5.0.3 or 4.1.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors involving form menus. Successful exploitation could allow attackers to crash the service.
The host is installed with Apple Safari before 5.0.3 or 4.1.3 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle vectors involving selections. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.
The host is installed with Apple Safari before 5.0.3 or 4.1.3 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to prevent access of uninitialized memory during processing of editable elements. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
The host is missing a security update according to Apple advisory, APPLE-SA-2016-10-24-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or disclose information.