HTTP: Apple Safari Webkit Option Element ContentEditable Code Execution

This signature detects attempts to exploit a known vulnerability in Apple Safari WebKit. The vulnerability is due to the way the application removes a particular container element containing another element with a specific attribute. Remote attackers can exploit this by enticing the target user to open a maliciously crafted Web page. Successful exploitation can result in execution of arbitrary code within the security context of the current user.

Extended Description

WebKit is prone to a remote code-execution vulnerability. Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it.

Affected Products

Apple iPhone, Apple Safari

Short Name
HTTP:STC:SAFARI:CONT-EDITABLE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2010-1396 Code ContentEditable Element Execution Option Safari Webkit bid:40647
Release Date
10/04/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Mandriva

Webkit_open_source_project

Apple

Pardus

Ubuntu

CVSS Score

9.3
