Vulnerability-Lookup

CVE-2008-1009 (GCVE-0-2008-1009)

Vulnerability from cvelistv5 – Published: 2008-03-19 00:00 – Updated: 2024-08-07 08:08

Summary

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
http://www.securitytracker.com/id?1019653	vdb-entryx_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA08-079A.html	third-party-advisoryx_refsource_CERT
http://www.securityfocus.com/bid/28337	vdb-entryx_refsource_BID
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/bid/28290	vdb-entryx_refsource_BID
http://docs.info.apple.com/article.html?artnum=307563	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2008/0920…	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/29393	third-party-advisoryx_refsource_SECUNIA

Date Public

2008-03-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019653",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019653"
          },
          {
            "name": "TA08-079A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
          },
          {
            "name": "28337",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28337"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
          },
          {
            "name": "28290",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28290"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307563"
          },
          {
            "name": "safari-historyobject-security-bypass(41322)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
          },
          {
            "name": "ADV-2008-0920",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0920/references"
          },
          {
            "name": "29393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29393"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1019653",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019653"
        },
        {
          "name": "TA08-079A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
        },
        {
          "name": "28337",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28337"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
        },
        {
          "name": "28290",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28290"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307563"
        },
        {
          "name": "safari-historyobject-security-bypass(41322)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
        },
        {
          "name": "ADV-2008-0920",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0920/references"
        },
        {
          "name": "29393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29393"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1009",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019653",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019653"
            },
            {
              "name": "TA08-079A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
            },
            {
              "name": "28337",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28337"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
            },
            {
              "name": "28290",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28290"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307563",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307563"
            },
            {
              "name": "safari-historyobject-security-bypass(41322)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
            },
            {
              "name": "ADV-2008-0920",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0920/references"
            },
            {
              "name": "29393",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29393"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1009",
    "datePublished": "2008-03-19T00:00:00.000Z",
    "dateReserved": "2008-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:08:57.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-1009",
      "date": "2026-05-31",
      "epss": "0.0084",
      "percentile": "0.75021"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09F4ADD0-449B-4DDD-9878-DE86CBD56756\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E0AECB7-FE62-4664-B3B8-8161DA6DA4BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A419AE8-F5A2-4E25-9004-AAAB325E201A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"857C92E2-6870-409A-9457-75F8C5C7B959\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"443FF271-A3AB-4659-80B2-89F771BF5371\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9315ADD-5B97-4639-9B59-806EFD7BC247\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D3889ED-9329-4C84-A173-2553BEAE3EDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06494FA8-F12A-435A-97A4-F38C58DF43F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFDCF83E-620C-40FA-9901-5D939E315143\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A33F900-D405-40A8-A0A5-3C80320FF6E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84E78F43-07BD-4D62-9512-DA738A92BC7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3180366-2240-467E-8AB9-BEA0430948F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AB9CC52-E533-4306-9E92-73C84B264D4E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, como se usa en Apple Safari antes de 3.1, permite a atacantes remotos inyectar Javascript de su elecci\\u00f3n modificando el objeto history.\"}]",
      "id": "CVE-2008-1009",
      "lastModified": "2024-11-21T00:43:26.820",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-03-19T00:44:00.000",
      "references": "[{\"url\": \"http://docs.info.apple.com/article.html?artnum=307563\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/29393\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28290\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28337\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019653\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-079A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0920/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41322\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=307563\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/29393\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019653\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-079A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0920/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41322\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1009\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-19T00:44:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, como se usa en Apple Safari antes de 3.1, permite a atacantes remotos inyectar Javascript de su elecci\u00f3n modificando el objeto history.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09F4ADD0-449B-4DDD-9878-DE86CBD56756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E0AECB7-FE62-4664-B3B8-8161DA6DA4BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A419AE8-F5A2-4E25-9004-AAAB325E201A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"857C92E2-6870-409A-9457-75F8C5C7B959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"443FF271-A3AB-4659-80B2-89F771BF5371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9315ADD-5B97-4639-9B59-806EFD7BC247\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D3889ED-9329-4C84-A173-2553BEAE3EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06494FA8-F12A-435A-97A4-F38C58DF43F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFDCF83E-620C-40FA-9901-5D939E315143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A33F900-D405-40A8-A0A5-3C80320FF6E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84E78F43-07BD-4D62-9512-DA738A92BC7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3180366-2240-467E-8AB9-BEA0430948F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AB9CC52-E533-4306-9E92-73C84B264D4E\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307563\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/29393\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28290\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28337\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019653\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-079A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0920/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41322\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/29393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019653\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-079A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0920/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-145

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant entre autres des attaques de type injection de code indirecte ou exécution de code arbitraire ont été corrigées dans Safari.

Description

La version 3.1 de Safari corrige plusieurs vulnérabilités affectant le navigateur d'Apple. Elles permettent de réaliser des attaques d'injection de code indirecte via un site malicieusement construit contenant du javascript. Elles permettent aussi d'exécuter du code arbitraire via l'utilisation d'une expression régulière javascript spécifiquement réalisée.

Solution

Se référer au bulletin de sécurité de Apple 307563 du 17 mars 2008 pour l'obtention des correctifs (cf. section Documentation).

Safari 3.0 et les versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CERTA-2008-AVI-145

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant entre autres des attaques de type injection de code indirecte ou exécution de code arbitraire ont été corrigées dans Safari.

Description

Solution

Se référer au bulletin de sécurité de Apple 307563 du 17 mars 2008 pour l'obtention des correctifs (cf. section Documentation).

Safari 3.0 et les versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

FKIE_CVE-2008-1009

Vulnerability from fkie_nvd - Published: 2008-03-19 00:44 - Updated: 2026-04-23 00:35

Severity

Summary

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307563
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html	Patch
cve@mitre.org	http://secunia.com/advisories/29393
cve@mitre.org	http://www.securityfocus.com/bid/28290
cve@mitre.org	http://www.securityfocus.com/bid/28337
cve@mitre.org	http://www.securitytracker.com/id?1019653
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0920/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41322
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307563
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29393
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28290
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28337
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019653
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0920/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41322

Impacted products

Vendor	Product	Version
apple	safari	0.8
apple	safari	0.9
apple	safari	1.0
apple	safari	1.1
apple	safari	1.2
apple	safari	1.3
apple	safari	1.3.1
apple	safari	1.3.2
apple	safari	2.0
apple	safari	2.0.2
apple	safari	2.0.4
apple	safari	3.0
apple	safari	3.0.1
apple	safari	3.0.2
apple	safari	3.0.3
apple	safari	3.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F4ADD0-449B-4DDD-9878-DE86CBD56756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0AECB7-FE62-4664-B3B8-8161DA6DA4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9315ADD-5B97-4639-9B59-806EFD7BC247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, como se usa en Apple Safari antes de 3.1, permite a atacantes remotos inyectar Javascript de su elecci\u00f3n modificando el objeto history."
    }
  ],
  "id": "CVE-2008-1009",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-19T00:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307563"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29393"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28290"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28337"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019653"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0920/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0920/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3QH3-FX4R-GPRG

Vulnerability from github – Published: 2022-05-01 23:35 – Updated: 2022-05-01 23:35

Details

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-19T00:44:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.",
  "id": "GHSA-3qh3-fx4r-gprg",
  "modified": "2022-05-01T23:35:36Z",
  "published": "2022-05-01T23:35:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1009"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307563"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29393"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28290"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28337"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019653"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0920/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-1009

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

Aliases

CVE-2008-1009

Aliases

CVE-2008-1009

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1009",
    "description": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.",
    "id": "GSD-2008-1009"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1009"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.",
      "id": "GSD-2008-1009",
      "modified": "2023-12-13T01:23:03.278766Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1009",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1019653",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019653"
          },
          {
            "name": "TA08-079A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
          },
          {
            "name": "28337",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28337"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
          },
          {
            "name": "28290",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28290"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307563",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307563"
          },
          {
            "name": "safari-historyobject-security-bypass(41322)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
          },
          {
            "name": "ADV-2008-0920",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0920/references"
          },
          {
            "name": "29393",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29393"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1009"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307563",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307563"
            },
            {
              "name": "1019653",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019653"
            },
            {
              "name": "28337",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28337"
            },
            {
              "name": "TA08-079A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
            },
            {
              "name": "28290",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28290"
            },
            {
              "name": "29393",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29393"
            },
            {
              "name": "ADV-2008-0920",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0920/references"
            },
            {
              "name": "safari-historyobject-security-bypass(41322)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-03-19T00:44Z"
    }
  }
}

VAR-200803-0228

Vulnerability from variot - Updated: 2023-12-18 11:50

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. Apple Safari is prone to 12 security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible. These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista. NOTE: This BID is being retired. An attacker may leverage this issue to execute arbitrary script code in other frames loaded from the same web page. This may help the attacker steal potentially sensitive information and launch other attacks. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. Safari version 3.1 fixes several security vulnerabilities, as follows: A JavaScript injection vulnerability exists in the handling of history objects, where frames set history object properties in all other frames loaded by the same web page. ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

4 days left of beta period.

The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success.

The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide.

For more information: SA29393

SOLUTION: Apply updated packages via the yum utility ("yum update WebKit").

Note: Updated packages for midori and kazehakase have also been issued, which have been rebuilt against the new WebKit library. ----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: Apple Safari Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA29393

VERIFY ADVISORY: http://secunia.com/advisories/29393/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access

WHERE:

From remote

SOFTWARE: Safari 3.x http://secunia.com/product/17989/ Safari 2.x http://secunia.com/product/5289/

DESCRIPTION: Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to compromise a vulnerable system.

2) An error exists the handling of web pages that have explicitly set the document.domain property. This can be exploited to conduct cross-site scripting attacks in sites that set the document.domain property or between HTTP and HTTPS sites with the same document.domain.

3) An error in Web Inspector can be exploited to inject script code that will run in other domains and can read the user's file system when a specially crafted page is inspected.

4) A security issue exists with the Kotoeri input method, which can result in exposing the password field on the display when reverse conversion is requested.

5) An error within the handling of the "window.open()" function can be used to change the security context of a web page to the caller's context.

6) The frame navigation policy is not enforced for Java applets. This can be exploited to conduct cross-site scripting attacks using java and to gain escalated privileges by enticing a user to open a specially crafted web page.

7) An unspecified error in the handling of the document.domain property can be exploited to conduct cross-site scripting attacks when a user visits a specially crafted web page.

8) An error exists in the handling of the history object. This can be exploited to inject javascript code that will run in the context of other frames.

9) A boundary error exists in the handling of javascript regular expressions, which can be exploited to cause a buffer overflow via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

10) An error in WebKit allows method instances from one frame to be called in the context of another frame. This can be exploited to conduct cross-site scripting attacks.

SOLUTION: Update to version 3.1.

PROVIDED AND/OR DISCOVERED BY: 1) Robert Swiecki of Google Information Security Team 2, 3, 5, 6) Adam Barth and Collin Jackson of Stanford University 10) Eric Seidel of the WebKit Open Source Project, and Tavis Ormandy and Will Drewry of Google Security Team

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307563

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0228",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "0.8"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "0.9"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "version"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "28290"
      },
      {
        "db": "BID",
        "id": "28337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Robert Swiecki robert@swiecki.netAdam BarthCollin Jackson collinj@cs.stanford.eduEric SeidelTavis Ormandy taviso@gentoo.orgWill Drewry wad@google.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-1009",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-1009",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-31134",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-1009",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200803-306",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31134",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. Apple Safari is prone to 12 security vulnerabilities. \nAttackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible. \nThese issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista. \nNOTE: This BID is being retired. \nAn attacker may leverage this issue to execute arbitrary script code in other frames loaded from the same web page. This may help the attacker steal potentially sensitive information and launch other attacks. \nNOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. Safari version 3.1 fixes several security vulnerabilities, as follows: A JavaScript injection vulnerability exists in the handling of history objects, where frames set history object properties in all other frames loaded by the same web page. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\n4 days left of beta period. \n\nThe 1st generation of the Secunia Network Software Inspector (NSI)\nhas been available for corporate users for almost 1 year and its been\na tremendous success. \n\nThe 2nd generation Secunia NSI is built on the same technology as the\naward winning Secunia PSI, which has already been downloaded and\ninstalled on more than 400,000 computers world wide. \n\nFor more information:\nSA29393\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update WebKit\"). \n\nNote: Updated packages for midori and kazehakase have also been\nissued, which have been rebuilt against the new WebKit library. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA29393\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29393/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Exposure of sensitive\ninformation, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSafari 3.x\nhttp://secunia.com/product/17989/\nSafari 2.x\nhttp://secunia.com/product/5289/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Safari, which can be\nexploited by malicious people to bypass certain security\nrestrictions, conduct cross-site scripting attacks, or to compromise\na vulnerable system. \n\n2) An error exists the handling of web pages that have explicitly set\nthe document.domain property. This can be exploited to conduct\ncross-site scripting attacks in sites that set the document.domain\nproperty or between HTTP and HTTPS sites with the same\ndocument.domain. \n\n3) An error in Web Inspector can be exploited to inject script code\nthat will run in other domains and can read the user\u0027s file system\nwhen a specially crafted page is inspected. \n\n4) A security issue exists with the Kotoeri input method, which can\nresult in exposing the password field on the display when reverse\nconversion is requested. \n\n5) An error within the handling of the \"window.open()\" function can\nbe used to change the security context of a web page to the caller\u0027s\ncontext. \n\n6) The frame navigation policy is not enforced for Java applets. This\ncan be exploited to conduct cross-site scripting attacks using java\nand to gain escalated privileges by enticing a user to open a\nspecially crafted web page. \n\n7) An unspecified error in the handling of the document.domain\nproperty can be exploited to conduct cross-site scripting attacks\nwhen a user visits a specially crafted web page. \n\n8) An error exists in the handling of the history object. This can be\nexploited to inject javascript code that will run in the context of\nother frames. \n\n9) A boundary error exists in the handling of javascript regular\nexpressions, which can be exploited to cause a buffer overflow via a\nspecially crafted web page. \n\nSuccessful exploitation allows execution of arbitrary code. \n\n10) An error in WebKit allows method instances from one frame to be\ncalled in the context of another frame. This can be exploited to\nconduct cross-site scripting attacks. \n\nSOLUTION:\nUpdate to version 3.1. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Robert Swiecki of Google Information Security Team\n2, 3, 5, 6) Adam Barth and Collin Jackson of Stanford University\n10) Eric Seidel of the WebKit Open Source Project, and Tavis Ormandy\nand Will Drewry of Google Security Team\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307563\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "db": "BID",
        "id": "28290"
      },
      {
        "db": "BID",
        "id": "28337"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "db": "PACKETSTORM",
        "id": "65784"
      },
      {
        "db": "PACKETSTORM",
        "id": "64736"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-1009",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "28290",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "28337",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1019653",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA08-079A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "29393",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0920",
        "trust": 1.7
      },
      {
        "db": "USCERT",
        "id": "SA08-079A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA08-079A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-03-18",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "41322",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-31134",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "29924",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "65784",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64736",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "db": "BID",
        "id": "28290"
      },
      {
        "db": "BID",
        "id": "28337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "db": "PACKETSTORM",
        "id": "65784"
      },
      {
        "db": "PACKETSTORM",
        "id": "64736"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ]
  },
  "id": "VAR-200803-0228",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31134"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:50:28.899000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Safari 3.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht1315"
      },
      {
        "title": "Safari 3.1",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307563-ja"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/28290"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/28337"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1019653"
      },
      {
        "trust": 2.4,
        "url": "http://docs.info.apple.com/article.html?artnum=307563"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/29393"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/0920/references"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0920/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41322"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1009"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-079a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-079a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1009"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/41322"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/29393/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-april/msg00402.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-april/msg00401.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-april/msg00400.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29924/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16769/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5289/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17989/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "db": "BID",
        "id": "28290"
      },
      {
        "db": "BID",
        "id": "28337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "db": "PACKETSTORM",
        "id": "65784"
      },
      {
        "db": "PACKETSTORM",
        "id": "64736"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "db": "BID",
        "id": "28290"
      },
      {
        "db": "BID",
        "id": "28337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "db": "PACKETSTORM",
        "id": "65784"
      },
      {
        "db": "PACKETSTORM",
        "id": "64736"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-03-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "BID",
        "id": "28290"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "BID",
        "id": "28337"
      },
      {
        "date": "2008-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "date": "2008-04-28T14:37:56",
        "db": "PACKETSTORM",
        "id": "65784"
      },
      {
        "date": "2008-03-20T00:11:50",
        "db": "PACKETSTORM",
        "id": "64736"
      },
      {
        "date": "2008-03-19T00:44:00",
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31134"
      },
      {
        "date": "2008-03-20T20:40:00",
        "db": "BID",
        "id": "28290"
      },
      {
        "date": "2008-03-20T17:50:00",
        "db": "BID",
        "id": "28337"
      },
      {
        "date": "2008-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      },
      {
        "date": "2017-08-08T01:29:49.150000",
        "db": "NVD",
        "id": "CVE-2008-1009"
      },
      {
        "date": "2008-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "28290"
      },
      {
        "db": "BID",
        "id": "28337"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari of  WebCore Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001195"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "65784"
      },
      {
        "db": "PACKETSTORM",
        "id": "64736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-306"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1009 (GCVE-0-2008-1009)

CERTA-2008-AVI-145

Description

Solution

CERTA-2008-AVI-145

Description

Solution

FKIE_CVE-2008-1009

GHSA-3QH3-FX4R-GPRG

GSD-2008-1009

VAR-200803-0228

Tags

Sightings

Nomenclature