{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>Safari 3.0 et les versions ant\u00e9rieures.</p>","content":"## Description\n\nLa version 3.1 de Safari corrige plusieurs vuln\u00e9rabilit\u00e9s affectant le\nnavigateur d'Apple. Elles permettent de r\u00e9aliser des attaques\nd'injection de code indirecte via un site malicieusement construit\ncontenant du javascript. Elles permettent aussi d'ex\u00e9cuter du code\narbitraire via l'utilisation d'une expression r\u00e9guli\u00e8re javascript\nsp\u00e9cifiquement r\u00e9alis\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Apple 307563 du 17 mars 2008 pour\nl'obtention des correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-1011","url":"https://www.cve.org/CVERecord?id=CVE-2008-1011"},{"name":"CVE-2008-1009","url":"https://www.cve.org/CVERecord?id=CVE-2008-1009"},{"name":"CVE-2008-1006","url":"https://www.cve.org/CVERecord?id=CVE-2008-1006"},{"name":"CVE-2008-1008","url":"https://www.cve.org/CVERecord?id=CVE-2008-1008"},{"name":"CVE-2008-1010","url":"https://www.cve.org/CVERecord?id=CVE-2008-1010"},{"name":"CVE-2007-4680","url":"https://www.cve.org/CVERecord?id=CVE-2007-4680"},{"name":"CVE-2008-1003","url":"https://www.cve.org/CVERecord?id=CVE-2008-1003"},{"name":"CVE-2008-1004","url":"https://www.cve.org/CVERecord?id=CVE-2008-1004"},{"name":"CVE-2008-1005","url":"https://www.cve.org/CVERecord?id=CVE-2008-1005"},{"name":"CVE-2008-1007","url":"https://www.cve.org/CVERecord?id=CVE-2008-1007"},{"name":"CVE-2008-0050","url":"https://www.cve.org/CVERecord?id=CVE-2008-0050"},{"name":"CVE-2008-1002","url":"https://www.cve.org/CVERecord?id=CVE-2008-1002"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Apple 307563 du 17 mars 2008 :","url":"http://docs.info.apple.com/article.html?artnum=307563"}],"reference":"CERTA-2008-AVI-145","revisions":[{"description":"version initiale.","revision_date":"2008-03-19T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres des attaques de type\ninjection de code indirecte ou ex\u00e9cution de code arbitraire ont \u00e9t\u00e9\ncorrig\u00e9es dans Safari.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Safari","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u0107urit\u00e9 de Apple 307563 du 17 mars 2008","url":null}]}