CVE-2010-0047
Description
Use-after-free in WebKit's handling of HTML object fallback content allows remote code execution in Safari before 4.0.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in WebKit's handling of HTML object fallback content allows remote code execution in Safari before 4.0.5.
Vulnerability
A use-after-free vulnerability exists in WebKit's handling of HTML object element fallback content in Apple Safari versions prior to 4.0.5. The bug occurs when the browser processes specially crafted HTML that triggers a dangling pointer after the object element's fallback content is freed. This allows an attacker to corrupt memory and potentially execute arbitrary code. The vulnerability is present in all Safari versions before 4.0.5 [2].
Exploitation
An attacker can exploit this vulnerability by hosting a malicious website and luring a user to visit it. No authentication or special privileges are required. The attack involves crafting an HTML page with an object element that includes fallback content designed to trigger the use-after-free condition. When the user's browser renders the page, the freed memory is accessed, leading to a crash or code execution [2].
Impact
Successful exploitation allows a remote attacker to execute arbitrary code within the context of the Safari browser, potentially leading to full system compromise. Alternatively, the attacker can cause a denial of service by crashing the application. The impact is high due to the ability to execute arbitrary code without user interaction beyond visiting a malicious site [2].
Mitigation
Apple addressed this vulnerability in Safari 4.0.5, released on March 11, 2010 [2]. Users should update to Safari 4.0.5 or later. Additionally, Ubuntu included a fix in USN-1006-1 for systems using WebKit via the webkit package [3]. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=4.0.4
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
- (no CPE)range: <4.0.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- www.securityfocus.com/bid/38671nvdPatch
- lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlnvdVendor Advisory
- support.apple.com/kb/HT4070nvdVendor Advisory
- lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvd
- secunia.com/advisories/41856nvd
- secunia.com/advisories/43068nvd
- support.apple.com/kb/HT4225nvd
- www.mandriva.com/security/advisoriesnvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/USN-1006-1nvd
- www.vupen.com/english/advisories/2010/2722nvd
- www.vupen.com/english/advisories/2011/0212nvd
- www.vupen.com/english/advisories/2011/0552nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6882nvd
News mentions
0No linked articles in our index yet.