VYPR
Unrated severityNVD Advisory· Published Jul 31, 2006· Updated Jun 16, 2026

CVE-2006-3946

CVE-2006-3946

Description

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.

Affected products

12
  • Apple Inc./Safari2 versions
    cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
    • (no CPE)range: =2.0.4
  • Apple Inc./Mac OS X10 versions
    cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
    • (no CPE)range: 10.3.9, 10.4 - 10.4.7

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.