CVE-2007-4692 (GCVE-0-2007-4692)
Vulnerability from – Published: 2007-11-15 00:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name": "safari-tabbed-information-disclosure(38460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "40662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40662"
},
{
"name": "26447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26447"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name": "safari-tabbed-information-disclosure(38460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "40662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40662"
},
{
"name": "26447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26447"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name": "safari-tabbed-information-disclosure(38460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38460"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "40662",
"refsource": "OSVDB",
"url": "http://osvdb.org/40662"
},
{
"name": "26447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26447"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4692",
"datePublished": "2007-11-15T00:00:00",
"dateReserved": "2007-09-05T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4671 (GCVE-0-2007-4671)
Vulnerability from – Published: 2007-09-27 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "iphone-https-security-bypass(36862)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36862"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "25852",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25852"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to \"alter or access\" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "iphone-https-security-bypass(36862)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36862"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "25852",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25852"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to \"alter or access\" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "iphone-https-security-bypass(36862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36862"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "25852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25852"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4671",
"datePublished": "2007-09-27T22:00:00",
"dateReserved": "2007-09-05T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4431 (GCVE-0-2007-4431)
Vulnerability from – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sla.ckers.org/forum/read.php?3%2C14151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/"
},
{
"name": "46720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.0x000000.com/index.php?i=420"
},
{
"name": "25355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka \"classic JavaScript frame hijacking.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sla.ckers.org/forum/read.php?3%2C14151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/"
},
{
"name": "46720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.0x000000.com/index.php?i=420"
},
{
"name": "25355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka \"classic JavaScript frame hijacking.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sla.ckers.org/forum/read.php?3,14151",
"refsource": "MISC",
"url": "http://sla.ckers.org/forum/read.php?3,14151"
},
{
"name": "http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/",
"refsource": "MISC",
"url": "http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/"
},
{
"name": "46720",
"refsource": "OSVDB",
"url": "http://osvdb.org/46720"
},
{
"name": "http://www.0x000000.com/index.php?i=420",
"refsource": "MISC",
"url": "http://www.0x000000.com/index.php?i=420"
},
{
"name": "25355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4431",
"datePublished": "2007-08-20T19:00:00",
"dateReserved": "2007-08-20T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4424 (GCVE-0-2007-4424)
Vulnerability from – Published: 2007-08-18 22:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070811 Safari for windows remote arbitry file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476675/100/0/threaded"
},
{
"name": "20070820 Re: Re: Safari for windows remote arbitry file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477180/100/0/threaded"
},
{
"name": "3022",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3022"
},
{
"name": "1018575",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018575"
},
{
"name": "20070815 Re: Safari for windows remote arbitry file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476690/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070811 Safari for windows remote arbitry file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476675/100/0/threaded"
},
{
"name": "20070820 Re: Re: Safari for windows remote arbitry file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477180/100/0/threaded"
},
{
"name": "3022",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3022"
},
{
"name": "1018575",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018575"
},
{
"name": "20070815 Re: Safari for windows remote arbitry file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476690/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070811 Safari for windows remote arbitry file upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476675/100/0/threaded"
},
{
"name": "20070820 Re: Re: Safari for windows remote arbitry file upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477180/100/0/threaded"
},
{
"name": "3022",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3022"
},
{
"name": "1018575",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018575"
},
{
"name": "20070815 Re: Safari for windows remote arbitry file upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476690/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4424",
"datePublished": "2007-08-18T22:00:00",
"dateReserved": "2007-08-18T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3944 (GCVE-0-2007-3944)
Vulnerability from – Published: 2007-07-23 16:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306173"
},
{
"name": "25002",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25002"
},
{
"name": "iphone-safari-bo(35577)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
},
{
"name": "ADV-2007-2730",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2730"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityevaluators.com/iphone/"
},
{
"name": "1018439",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018439"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306174"
},
{
"name": "26287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
},
{
"name": "ADV-2007-2731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2731"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306173"
},
{
"name": "25002",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25002"
},
{
"name": "iphone-safari-bo(35577)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
},
{
"name": "ADV-2007-2730",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2730"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityevaluators.com/iphone/"
},
{
"name": "1018439",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018439"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306174"
},
{
"name": "26287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
},
{
"name": "ADV-2007-2731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2731"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.info.apple.com/article.html?artnum=306173",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306173"
},
{
"name": "25002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25002"
},
{
"name": "iphone-safari-bo(35577)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
},
{
"name": "ADV-2007-2730",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2730"
},
{
"name": "http://www.securityevaluators.com/iphone/",
"refsource": "MISC",
"url": "http://www.securityevaluators.com/iphone/"
},
{
"name": "1018439",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018439"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306174",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306174"
},
{
"name": "26287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26287"
},
{
"name": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin",
"refsource": "MISC",
"url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
},
{
"name": "ADV-2007-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2731"
},
{
"name": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf",
"refsource": "MISC",
"url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3944",
"datePublished": "2007-07-23T16:00:00",
"dateReserved": "2007-07-23T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3761 (GCVE-0-2007-3761)
Vulnerability from – Published: 2007-09-27 22:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25851",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25851"
},
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-frame-security-bypass(36860)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36860"
},
{
"name": "38530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38530"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25851",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25851"
},
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-frame-security-bypass(36860)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36860"
},
{
"name": "38530",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38530"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25851"
},
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-frame-security-bypass(36860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36860"
},
{
"name": "38530",
"refsource": "OSVDB",
"url": "http://osvdb.org/38530"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3761",
"datePublished": "2007-09-27T22:00:00",
"dateReserved": "2007-07-12T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3760 (GCVE-0-2007-3760)
Vulnerability from – Published: 2007-09-27 22:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-frametags-security-bypass(36859)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36859"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "25850",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25850"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-frametags-security-bypass(36859)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36859"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "25850",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25850"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-frametags-security-bypass(36859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36859"
},
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "25850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25850"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3760",
"datePublished": "2007-09-27T22:00:00",
"dateReserved": "2007-07-12T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3759 (GCVE-0-2007-3759)
Vulnerability from – Published: 2007-09-27 22:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "38532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "25853",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25853"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "iphone-javascript-weak-security(36858)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36858"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "38532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "25853",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25853"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "iphone-javascript-weak-security(36858)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36858"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "38532",
"refsource": "OSVDB",
"url": "http://osvdb.org/38532"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "25853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25853"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "iphone-javascript-weak-security(36858)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36858"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3759",
"datePublished": "2007-09-27T22:00:00",
"dateReserved": "2007-07-12T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3758 (GCVE-0-2007-3758)
Vulnerability from – Published: 2007-09-27 22:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "iphone-window-security-bypass(36857)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
},
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "25857",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25857"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "iphone-window-security-bypass(36857)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
},
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "25857",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25857"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iphone-window-security-bypass(36857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
},
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "25857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25857"
},
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3758",
"datePublished": "2007-09-27T22:00:00",
"dateReserved": "2007-07-12T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3757 (GCVE-0-2007-3757)
Vulnerability from – Published: 2007-09-27 21:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25854",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25854"
},
{
"name": "iphone-tellink-call-hijacking(36856)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36856"
},
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "38534",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38534"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted \"tel:\" link that causes iPhone to display a different number than the number that will be dialed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25854",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25854"
},
{
"name": "iphone-tellink-call-hijacking(36856)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36856"
},
{
"name": "APPLE-SA-2007-09-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "38534",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38534"
},
{
"name": "26983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3287",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "1018752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted \"tel:\" link that causes iPhone to display a different number than the number that will be dialed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25854"
},
{
"name": "iphone-tellink-call-hijacking(36856)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36856"
},
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "38534",
"refsource": "OSVDB",
"url": "http://osvdb.org/38534"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3757",
"datePublished": "2007-09-27T21:00:00",
"dateReserved": "2007-07-12T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 311 - 320 organizations in total 1584