[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Wed Apr 9 05:20:17 PDT 2014


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 356	Published: Wed, 09 Apr 2014 02:49:57 GMT

New Fixlets:
============

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3608)
Severity: High
Fixlet ID: 2347701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23477.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3608
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3681)
Severity: High
Fixlet ID: 2349601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23496.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3681
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Apple Safari vulnerability, which allows remote attackers to bypass authentication by leveraging an unattended workstation
Severity: Medium
Fixlet ID: 2358401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23584.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0680
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3636)
Severity: High
Fixlet ID: 2360201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23602.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3636
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari, which allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites
Severity: Medium
Fixlet ID: 2363501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23635.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0214
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3641)
Severity: High
Fixlet ID: 2366601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23666.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3641
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3639)
Severity: High
Fixlet ID: 2376901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23769.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3639
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3667)
Severity: High
Fixlet ID: 2378701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23787.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3667
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries
Severity: Medium
Fixlet ID: 2380301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23803.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1485
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3611)
Severity: High
Fixlet ID: 2381701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23817.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3611
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari 4.0.4 on Windows allows remote attackers to cause a denial of service
Severity: Medium
Fixlet ID: 2382701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23827.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0925
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.

***************************************************************
Title: Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document (CVE-2011-1908)
Severity: High
Fixlet ID: 2385101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23851.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1908
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3632)
Severity: High
Fixlet ID: 2387201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23872.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3632
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: Foxit Reader JPEG2000 Header Decoding Memory Corruption Vulnerability (CVE-2009-0690)
Severity: High
Fixlet ID: 2387501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23875.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0690
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3610)
Severity: High
Fixlet ID: 2393501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23935.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3610
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Foxit Reader authorization bypass vulnerability (CVE-2009-0836)
Severity: High
Fixlet ID: 2393801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23938.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0836
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3596)
Severity: High
Fixlet ID: 2395101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23951.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3596
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3078)
Severity: High
Fixlet ID: 2396701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23967.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 5.0 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages
Severity: Medium
Fixlet ID: 2397701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval23977.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2264
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3678)
Severity: High
Fixlet ID: 2400801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24008.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3678
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3679)
Severity: High
Fixlet ID: 2401801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24018.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3679
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allows local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0983)
Severity: Medium
Fixlet ID: 2402601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24026.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0983
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1006)
Severity: High
Fixlet ID: 2403301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24033.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1006
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: Foxit Reader stack-based buffer overflow (CVE-2009-0837)
Severity: High
Fixlet ID: 2403401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24034.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0837
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-1520)
Severity: High
Fixlet ID: 2403901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24039.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1520
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, 
Severity: High
Fixlet ID: 2405901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24059.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1239
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3687)
Severity: High
Fixlet ID: 2406501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24065.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3687
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 does not properly handle drag-and-drop events
Severity: Medium
Fixlet ID: 2408001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24080.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3689
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3621)
Severity: High
Fixlet ID: 2409001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24090.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3621
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3607)
Severity: High
Fixlet ID: 2410001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24100.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3607
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: Foxit Reader JPEG2000 Header Decoding Memory Corruption Vulnerability (CVE-2009-0691)
Severity: High
Fixlet ID: 2410701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24107.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3664)
Severity: High
Fixlet ID: 2411001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24110.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3664
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allows local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0981)
Severity: Medium
Fixlet ID: 2412001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24120.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0981
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1010)
Severity: High
Fixlet ID: 2412901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24129.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1010
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: Foxit Reader Insecure Library Loading (CVE-2011-3691)
Severity: High
Fixlet ID: 2413101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24131.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via 
Severity: High
Fixlet ID: 2414101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24141.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1486
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which makes it easier for remote web servers to track users via a cookie
Severity: Medium
Fixlet ID: 2414501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24145.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0640
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3595)
Severity: High
Fixlet ID: 2414601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24146.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3595
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3600)
Severity: High
Fixlet ID: 2414701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24147.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3600
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1000)
Severity: High
Fixlet ID: 2415701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24157.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1000
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3682)
Severity: High
Fixlet ID: 2416101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24161.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3682
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3638)
Severity: High
Fixlet ID: 2416301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24163.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3638
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3618)
Severity: High
Fixlet ID: 2416501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24165.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3618
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3599)
Severity: High
Fixlet ID: 2416601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24166.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3599
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3591)
Severity: High
Fixlet ID: 2417101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24171.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3591
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-0682)
Severity: High
Fixlet ID: 2418701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24187.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0682
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3674)
Severity: High
Fixlet ID: 2419101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24191.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3674
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-0683)
Severity: High
Fixlet ID: 2419501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24195.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0683
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3630)
Severity: High
Fixlet ID: 2421001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24210.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3630
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3655)
Severity: High
Fixlet ID: 2421701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24217.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3655
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that co
Severity: Medium
Fixlet ID: 2422201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24222.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4759
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3665)
Severity: High
Fixlet ID: 2422401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24224.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3665
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3628)
Severity: High
Fixlet ID: 2423201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24232.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3628
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3683)
Severity: High
Fixlet ID: 2423401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24234.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3683
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3594)
Severity: High
Fixlet ID: 2423901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24239.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3594
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3646)
Severity: High
Fixlet ID: 2424601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24246.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3646
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3590)
Severity: High
Fixlet ID: 2424701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24247.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3590
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Severity: High
Fixlet ID: 2425001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24250.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1484
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which might allow remote web servers to capture credentials by logging the Authorization HTTP header
Severity: Medium
Fixlet ID: 2425101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24251.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0647
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3645)
Severity: High
Fixlet ID: 2425301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24253.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3645
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-0999)
Severity: High
Fixlet ID: 2425701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24257.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0999
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3670)
Severity: High
Fixlet ID: 2426401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24264.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3670
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1003)
Severity: High
Fixlet ID: 2426601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24266.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1003
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3593)
Severity: High
Fixlet ID: 2426801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24268.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3593
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Severity: High
Fixlet ID: 2426901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24269.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0387
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1008)
Severity: High
Fixlet ID: 2427001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24270.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1008
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1001)
Severity: High
Fixlet ID: 2427101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24271.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1001
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3604)
Severity: High
Fixlet ID: 2427301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24273.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3604
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3610)
Severity: High
Fixlet ID: 2428101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24281.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3610
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3653)
Severity: High
Fixlet ID: 2429001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24290.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3653
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1005)
Severity: High
Fixlet ID: 2429601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24296.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1005
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3668)
Severity: High
Fixlet ID: 2430201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24302.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3668
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs
Severity: Medium
Fixlet ID: 2430501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24305.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3693
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3615)
Severity: High
Fixlet ID: 2430801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24308.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3615
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3620)
Severity: High
Fixlet ID: 2431001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24310.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3620
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3603)
Severity: High
Fixlet ID: 2431101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24311.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3603
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1007)
Severity: High
Fixlet ID: 2431301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24313.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1007
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3633)
Severity: High
Fixlet ID: 2432001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24320.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3633
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3640)
Severity: High
Fixlet ID: 2432901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24329.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3640
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3606)
Severity: High
Fixlet ID: 2433001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24330.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3606
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3663)
Severity: High
Fixlet ID: 2433301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24333.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3663
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information
Severity: Medium
Fixlet ID: 2433501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24335.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0166
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

***************************************************************
Title: Foxit Reader PDF Handling Multiple Remote Vulnerabilities (CVE-2009-0191)
Severity: High
Fixlet ID: 2434101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24341.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0191
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which might allow remote web servers to capture credentials
Severity: Medium
Fixlet ID: 2434601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24346.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0160
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values
Severity: Medium
Fixlet ID: 2434801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24348.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3089)
Severity: High
Fixlet ID: 2435101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24351.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3597)
Severity: High
Fixlet ID: 2435601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24356.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3597
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari, which allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites
Severity: Medium
Fixlet ID: 2435701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24357.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0219
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2012-1521)
Severity: High
Fixlet ID: 2436201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24362.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1521
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3592)
Severity: High
Fixlet ID: 2436301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24363.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3592
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3626)
Severity: High
Fixlet ID: 2436401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24364.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3626
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3609)
Severity: High
Fixlet ID: 2436501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24365.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3609
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3644)
Severity: High
Fixlet ID: 2437101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24371.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3644
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3642)
Severity: High
Fixlet ID: 2437301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24373.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3642
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3634)
Severity: High
Fixlet ID: 2437401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24374.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3634
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3666)
Severity: High
Fixlet ID: 2437701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24377.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3666
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1004)
Severity: High
Fixlet ID: 2437901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24379.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1004
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3589)
Severity: High
Fixlet ID: 2438201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24382.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3589
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3680)
Severity: High
Fixlet ID: 2438401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24384.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3680
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3625)
Severity: High
Fixlet ID: 2438801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24388.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3625
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3686)
Severity: High
Fixlet ID: 2438901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24389.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3686
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3669)
Severity: High
Fixlet ID: 2439001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24390.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3669
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3086)
Severity: High
Fixlet ID: 2439301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24393.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3625)
Severity: High
Fixlet ID: 2439901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24399.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3625
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Severity: Low
Fixlet ID: 2440501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24405.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

***************************************************************
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deploym
Severity: High
Fixlet ID: 2440601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24406.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1487
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

***************************************************************
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3081)
Severity: High
Fixlet ID: 2441301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24413.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3081
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.

***************************************************************
Title: Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references (CVE-2012-4337)
Severity: High
Fixlet ID: 2441401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24414.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4337
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3629)
Severity: High
Fixlet ID: 2441501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24415.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3629
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3605)
Severity: High
Fixlet ID: 2441701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24417.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3605
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-3701)
Severity: High
Fixlet ID: 2442401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24424.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3701
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2013-1002)
Severity: High
Fixlet ID: 2442601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24426.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1002
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3656)
Severity: High
Fixlet ID: 2442901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24429.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3656
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3661)
Severity: High
Fixlet ID: 2443001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24430.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3661
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors
Severity: Medium
Fixlet ID: 2443401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24434.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0676
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service
Severity: Medium
Fixlet ID: 2443501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24435.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3748
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

***************************************************************
Title: Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow (CVE-2011-0332)
Severity: High
Fixlet ID: 2444301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24443.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0332
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

***************************************************************
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-5112)
Severity: High
Fixlet ID: 2445101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24451.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5112
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3637)
Severity: High
Fixlet ID: 2445201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24452.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3637
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3627)
Severity: High
Fixlet ID: 2445601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24456.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3627
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3635)
Severity: High
Fixlet ID: 2445901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24459.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3635
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: JavaScript vulnerability in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method
Severity: Medium
Fixlet ID: 2446001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24460.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5070
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264.  NOTE: this may overlap CVE-2010-5073.

***************************************************************
Title: WebKit vulnerability in Apple Safari before 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site (CVE-2012-3631)
Severity: High
Fixlet ID: 2446301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24463.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3631
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

***************************************************************
Title: Vulnerability in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service
Severity: Medium
Fixlet ID: 2446701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24467.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0924
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.

***************************************************************
Title: Vulnerability in Apple Safari, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site
Severity: Medium
Fixlet ID: 2448601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24486.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0314
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
