=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN137
_____________________________________________________________________

DATE                      : 17/04/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Safari versions prior to
                            3.1.1.

======================================================================
http://support.apple.com/kb/HT1467
______________________________________________________________________

  About the security content of Safari 3.1.1
Summary

This document describes the security content of Safari 3.1.1, which can
be downloaded and installed via Software Update preferences, or from
Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss,
or confirm security issues until a full investigation has occurred and
any necessary patches or releases are available. To learn more about
Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to
use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for
further information.

To learn about other Security Updates, see "Apple Security Updates."


Products Affected

Safari 3 (Windows), Security, Safari 3.1


Safari 3.1.1

     * Safari
       CVE-ID: CVE-2007-2398
       Available for: Windows XP or Vista
       Impact: A maliciously crafted website may control the contents of
       the address bar
       Description: A timing issue in Safari 3.1 allows a web page to
       change the contents of the address bar without loading the
       contents of the corresponding page. This could be used to spoof
       the contents of a legitimate site, allowing user credentials or
       other information to be gathered. This issue was addressed in
       Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update
       addresses the issue by restoring the address bar contents if a
       request for a new web page is terminated. This issue does not
       affect Mac OS X systems.

     * Safari
       CVE-ID: CVE-2008-1024
       Available for: Windows XP or Vista
       Impact: Visiting a maliciously crafted website may lead to an
       unexpected application termination or arbitrary code execution
       Description: A memory corruption issue exists in Safari's file
       downloading. By enticing a user to download a file with a
       maliciously crafted name, an attacker may cause an unexpected
       application termination or arbitrary code execution. This update
       addresses the issue through improved handling of file downloads.
       This issue does not affect Mac OS X systems.

     * WebKit
       CVE-ID: CVE-2008-1025
       Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS
       X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
       Impact: Visiting a malicious website may result in cross-site
       scripting
       Description: An issue exists in WebKit's handling of URLs
       containing a colon character in the host name. Opening a
       maliciously crafted URL may lead to a cross-site scripting attack.
       This update addresses the issue through improved handling of URLs.
       Credit to Robert Swiecki of Google Information Security Team and
       David Bloom for reporting this issue.

     * WebKit
       CVE-ID: CVE-2008-1026
       Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS
       X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
       Impact: Viewing a maliciously crafted web page may lead to an
       unexpected application termination or arbitrary code execution
       Description: A heap buffer overflow exists in WebKit's handling of
       JavaScript regular expressions. The issue may be triggered via
       JavaScript when processing regular expressions with large, nested
       repetition counts. This may lead to an unexpected application
       termination or arbitrary code execution. This update addresses the
       issue by performing additional validation of JavaScript regular
       expressions. Credit to Charlie Miller for reporting these issues.
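
The CVE-2008-1026 entry says only that the fix performs additional
validation of regular expressions with large, nested repetition counts;
it does not describe WebKit's check. The following is an added example,
not Apple's or WebKit's code, of how an application that accepts
untrusted patterns can bound nested counts before compiling them. The
function names and the limit are assumptions made for illustration.

```javascript
// Added example: bound nested explicit repetition counts in an untrusted
// pattern before handing it to the regex engine. MAX_NESTED_REPETITION is an
// assumed policy value, not a figure from the advisory.
const MAX_NESTED_REPETITION = 1000;

// Reads a quantifier at pattern[i]. Returns {count, next}; count is the
// explicit number ({n} -> n, {n,m} -> m, {n,} -> n) or 1 for *, +, ? and
// for text that is not a quantifier.
function readQuantifier(pattern, i) {
  const m = /^\{(\d+)(?:,(\d*))?\}/.exec(pattern.slice(i));
  if (m) return { count: Number(m[2] || m[1]), next: i + m[0].length };
  if ("*+?".includes(pattern[i] ?? " ")) return { count: 1, next: i + 1 };
  return { count: 1, next: i };
}

// Largest product of explicit counts along any chain of nested groups.
// Sibling items in a sequence are compared, not summed.
function largestNestedRepetition(pattern) {
  const stack = [1]; // per open group: largest weight seen inside it
  let i = 0;
  while (i < pattern.length) {
    const c = pattern[i];
    let weight = 1;
    if (c === "(") { stack.push(1); i++; continue; }
    if (c === "\\") i += 2; // an escaped character is a single atom
    else if (c === "[") {   // braces inside a character class are literals
      i++;
      while (i < pattern.length && pattern[i] !== "]")
        i += pattern[i] === "\\" ? 2 : 1;
      i++;
    } else if (c === ")") {
      if (stack.length > 1) weight = stack.pop(); // weight of the closed group
      i++;
    } else i++;
    const q = readQuantifier(pattern, i);
    weight *= q.count;
    i = q.next;
    stack[stack.length - 1] = Math.max(stack[stack.length - 1], weight);
  }
  return Math.max(...stack);
}

// Refuses to compile a pattern whose nested counts exceed the limit.
function compileChecked(pattern, limit = MAX_NESTED_REPETITION) {
  const n = largestNestedRepetition(pattern);
  if (n > limit) throw new RangeError(`nested repetition ${n} exceeds ${limit}`);
  return new RegExp(pattern);
}
```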

Important: Information about products not manufactured by Apple is
provided for information purposes only and does not constitute Apple's
recommendation or endorsement. Please contact the vendor for additional
information.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




