CVE-2004-0361
Description
Safari 1.2 and earlier crashes via JavaScript Array with an extremely large size value, enabling remote denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The JavaScript engine in Safari 1.2 and earlier contains an array allocation management error. A remote attacker can cause a denial of service (segmentation fault) by creating a new Array object with a large size value and then writing into that array. Affected versions: Safari ≤ 1.2 [1].
Exploitation
An attacker needs only to craft a malicious web page or HTML content that triggers the vulnerable code path. No special network position beyond the ability to deliver content to the victim's Safari browser is required, and no authentication is needed. The exploit involves executing JavaScript such as var a = new Array(99999999999999999999999); a[0+5]="AAAAA"; [1]. The browser processes the oversized array allocation, leading to a segmentation fault.
Impact
Successful exploitation results in a denial of service: Safari crashes due to a segmentation fault. According to the advisory, there is no known way to execute arbitrary code with this vulnerability as of the publication date [1]. The impact is limited to a crash of the browser, but this could be repeated to persistently deny browser functionality to the user.
Mitigation
No vendor patch was issued within the disclosed timeline; the advisory notes the vendor was notified on 19/03/04 but no fix is referenced [1]. Users should upgrade to a newer version of Safari or consider using an alternative browser. The vulnerability affects Safari ≤ 1.2; later versions fixed the issue. Konqueror does not appear to be vulnerable [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= 1.2
- Range: <= 1.2
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/9815 (nvd; Exploit, Vendor Advisory)
- marc.info (nvd)
- www.insecure.ws/article.php (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/15413 (nvd)