ID CVE-2007-2398
Summary Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*
CVSS
Base: 7.1 (as of 16-10-2018 - 16:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: COMPLETE
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:C/A:N
refmap via4
apple
  • APPLE-SA-2007-06-22
  • APPLE-SA-2008-04-16
bid 24484
bugtraq
  • 20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
  • 20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
confirm http://support.apple.com/kb/HT1467
fulldisc 20070614 Re: Apple Safari: urlbar/window title spoofing
osvdb 38862
sectrack 1018282
vupen
  • ADV-2007-2316
  • ADV-2008-0979
xf safari-addressbar-spoofing(35050)
Last major update 16-10-2018 - 16:43
Published 21-06-2007 - 10:30
Last modified 16-10-2018 - 16:43