CVE-2010-0050
HIGH
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
Published: Mar 15, 2010
Modified: Apr 29, 2026
CWE-416
CVSS Metrics
CVSSv3
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (10)
| Vendor | Product | Version |
|---|---|---|
| apple | safari | * < 4.0.5 |
| apple | iphone_os | * ≥ 2.0 < 4.0 |
| fedoraproject | fedora | 11 |
| fedoraproject | fedora | 12 |
| fedoraproject | fedora | 13 |
| canonical | ubuntu_linux | 9.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| opensuse | opensuse | 11.2 |
| opensuse | opensuse | 11.3 |
GitHub Security Advisory GHSA-x35p-q7vp-559r
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to...
References (38)
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html Mailing List
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html Mailing List, Vendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html Mailing List
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html Mailing List
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html Mailing List
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html Mailing List
- http://secunia.com/advisories/41856 Broken Link
- http://secunia.com/advisories/43068 Broken Link
- http://support.apple.com/kb/HT4070 Vendor Advisory
- http://support.apple.com/kb/HT4225 Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 Broken Link
- http://www.securityfocus.com/bid/38671 Broken Link, Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1023708 Broken Link, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-1006-1 Third Party Advisory
- http://www.vupen.com/english/advisories/2010/2722 Broken Link
Risk Scores
- CVSS Score: 8.8 / 10
- EPSS Score: 46.37% (Top 2% most likely to be exploited)
- Threat Score: 49.1 / 100
Data Sources
NVD, EPSS, GitHub