
Apple Safari Command Execution and Cross Site Scripting Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 19 Mar 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by remote attackers to bypass security restrictions, cause a denial of service, disclose sensitive information, or execute arbitrary code.

1. An error in the validation of certificates could be exploited by an attacker to direct a user to a spoofed web site that incorrectly appears to be trusted.

2. An error when handling 502 Bad Gateway errors sent by an HTTPS proxy server could allow a malicious proxy to spoof secure websites.

3. An input validation error in Safari's error page when handling malformed URLs could be exploited to conduct cross-site scripting attacks and disclose sensitive information.

4. An input validation error when processing "javascript:" URLs could be exploited to conduct cross-site scripting attacks in the context of arbitrary web sites.

5. An error when handling web pages that have explicitly set the "document.domain" property could lead to a cross-site scripting attack in sites that set the "document.domain" property, or between HTTP and HTTPS sites with the same "document.domain".

6. An error in Web Inspector could allow a page being inspected to escalate its privileges by injecting script that will run in other domains and read the user's file system.

7. An error when using the Kotoeri input method could result in the content of a password field being exposed on the display when reverse conversion is requested.

8. An error when handling "window.open()" functions could be exploited to conduct cross-site scripting attacks.

9. A design error where frame navigation policy is not enforced for Java applets could be exploited to conduct cross-site scripting attacks via a specially crafted Java applet.

10. An error when handling the "document.domain" property could be exploited to conduct cross-site scripting attacks and disclose sensitive information.

11. An error when handling the "history" object could be exploited to conduct cross-site scripting attacks and inject JavaScript in the context of arbitrary frames.

12. A buffer overflow error in WebKit when handling malformed JavaScript regular expressions could be exploited by malicious web sites to crash an affected browser or execute arbitrary code.

13. An error in WebKit that allows method instances from one frame to be called in the context of another frame could be exploited to conduct cross-site scripting attacks and disclose sensitive information.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apple Safari Version 3.0.x and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

