

Impact: A malicious website may be able to access non-HTTP servicesĭescription: Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding.

This was addressed though additional ownership checks.ĭescription: Multiple memory corruption issues were addressed through improved memory handling.ĬVE-2016-4759: Tongbo Luo of Palo Alto NetworksĬVE-2016-4762: Zheng Huang of Baidu Security LabĬVE-2016-4768: Anonymous working with Trend Micro's Zero Day Initiative

Impact: Visiting a maliciously crafted website may leak sensitive dataĭescription: A permissions issue existed in the handling of the location variable. This was addressed through improved validation. Impact: Processing maliciously crafted web content may lead to arbitrary code executionĭescription: A parsing issue existed in the handling of error prototypes.
