CVE-2007-3759 - Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari

CVE-2007-3759

Summary

Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.

References

Vulnerable Configurations

cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 09-08-2022 - 13:46)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2007-09-27
bid	25853
confirm	http://docs.info.apple.com/article.html?artnum=306586
osvdb	38532
sectrack	1018752
secunia	26983
xf	iphone-javascript-weak-security(36858)

Last major update

09-08-2022 - 13:46

Published

27-09-2007 - 22:17

Last modified

09-08-2022 - 13:46