Safari

Description

Product name

safari

CVE-2007-3186 (GCVE-0-2007-3186)

Vulnerability from – Published: 2007-06-12 22:00 – Updated: 2024-08-07 14:05
Summary
Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:29.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours"
          },
          {
            "name": "20070612 Safari for Windows, 0day URL protocol handler command injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471176/100/0/threaded"
          },
          {
            "name": "38542",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38542"
          },
          {
            "name": "safari-urlprotocol-command-execution(34824)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34824"
          },
          {
            "name": "ADV-2007-2192",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2192"
          },
          {
            "name": "24434",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24434"
          },
          {
            "name": "20070612 Safari for Windows, 0day URL protocol handler command injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063926.html"
          },
          {
            "name": "1018224",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018224"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://larholm.com/2007/06/14/safari-301-released/"
          },
          {
            "name": "APPLE-SA-2007-06-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours"
        },
        {
          "name": "20070612 Safari for Windows, 0day URL protocol handler command injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471176/100/0/threaded"
        },
        {
          "name": "38542",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38542"
        },
        {
          "name": "safari-urlprotocol-command-execution(34824)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34824"
        },
        {
          "name": "ADV-2007-2192",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2192"
        },
        {
          "name": "24434",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24434"
        },
        {
          "name": "20070612 Safari for Windows, 0day URL protocol handler command injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063926.html"
        },
        {
          "name": "1018224",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018224"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://larholm.com/2007/06/14/safari-301-released/"
        },
        {
          "name": "APPLE-SA-2007-06-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours",
              "refsource": "MISC",
              "url": "http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours"
            },
            {
              "name": "20070612 Safari for Windows, 0day URL protocol handler command injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471176/100/0/threaded"
            },
            {
              "name": "38542",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38542"
            },
            {
              "name": "safari-urlprotocol-command-execution(34824)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34824"
            },
            {
              "name": "ADV-2007-2192",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2192"
            },
            {
              "name": "24434",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24434"
            },
            {
              "name": "20070612 Safari for Windows, 0day URL protocol handler command injection",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063926.html"
            },
            {
              "name": "1018224",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018224"
            },
            {
              "name": "http://larholm.com/2007/06/14/safari-301-released/",
              "refsource": "MISC",
              "url": "http://larholm.com/2007/06/14/safari-301-released/"
            },
            {
              "name": "APPLE-SA-2007-06-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3186",
    "datePublished": "2007-06-12T22:00:00",
    "dateReserved": "2007-06-12T00:00:00",
    "dateUpdated": "2024-08-07T14:05:29.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3185 (GCVE-0-2007-3185)

Vulnerability from – Published: 2007-06-12 22:00 – Updated: 2024-08-07 14:05
Summary
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:29.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2192",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2192"
          },
          {
            "name": "safari-feed-dos(34846)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34846"
          },
          {
            "name": "24433",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24433"
          },
          {
            "name": "APPLE-SA-2007-06-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx"
          },
          {
            "name": "38541",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38541"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2192",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2192"
        },
        {
          "name": "safari-feed-dos(34846)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34846"
        },
        {
          "name": "24433",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24433"
        },
        {
          "name": "APPLE-SA-2007-06-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx"
        },
        {
          "name": "38541",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38541"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2192",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2192"
            },
            {
              "name": "safari-feed-dos(34846)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34846"
            },
            {
              "name": "24433",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24433"
            },
            {
              "name": "APPLE-SA-2007-06-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
            },
            {
              "name": "http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx",
              "refsource": "MISC",
              "url": "http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx"
            },
            {
              "name": "38541",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38541"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3185",
    "datePublished": "2007-06-12T22:00:00",
    "dateReserved": "2007-06-12T00:00:00",
    "dateUpdated": "2024-08-07T14:05:29.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2843 (GCVE-0-2007-2843)

Vulnerability from – Published: 2007-05-24 18:00 – Updated: 2024-08-07 13:57
Summary
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:53.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24121",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24121"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html"
          },
          {
            "name": "38859",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38859"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24121",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24121"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html"
        },
        {
          "name": "38859",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38859"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2843",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24121",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24121"
            },
            {
              "name": "http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/",
              "refsource": "MISC",
              "url": "http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/"
            },
            {
              "name": "http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html",
              "refsource": "MISC",
              "url": "http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html"
            },
            {
              "name": "38859",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38859"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2843",
    "datePublished": "2007-05-24T18:00:00",
    "dateReserved": "2007-05-24T00:00:00",
    "dateUpdated": "2024-08-07T13:57:53.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2580 (GCVE-0-2007-2580)

Vulnerability from – Published: 2007-05-09 21:00 – Updated: 2024-08-07 13:42
Summary
Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/468719/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/archive/1/467676/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://securityreason.com/securityalert/2685 (third-party-advisory, x_refsource_SREASON)
http://www.securityfocus.com/archive/1/468650/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/archive/1/468639/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/archive/1/468737/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/archive/1/468727/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/23825 (vdb-entry, x_refsource_BID)
http://www.securityfocus.com/archive/1/468869/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/archive/1/468544/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.osvdb.org/35569 (vdb-entry, x_refsource_OSVDB)
http://www.securityfocus.com/archive/1/468585/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:33.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070515 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468719/100/0/threaded"
          },
          {
            "name": "20070504 safari\u0027s saved password at risk",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467676/100/0/threaded"
          },
          {
            "name": "2685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2685"
          },
          {
            "name": "20070515 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468650/100/0/threaded"
          },
          {
            "name": "20070514 Re: RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468639/100/0/threaded"
          },
          {
            "name": "20070516 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468737/100/0/threaded"
          },
          {
            "name": "20070516 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468727/100/0/threaded"
          },
          {
            "name": "23825",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23825"
          },
          {
            "name": "20070517 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468869/100/0/threaded"
          },
          {
            "name": "20070514 Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468544/100/0/threaded"
          },
          {
            "name": "35569",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/35569"
          },
          {
            "name": "20070514 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468585/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070515 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468719/100/0/threaded"
        },
        {
          "name": "20070504 safari\u0027s saved password at risk",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467676/100/0/threaded"
        },
        {
          "name": "2685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2685"
        },
        {
          "name": "20070515 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468650/100/0/threaded"
        },
        {
          "name": "20070514 Re: RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468639/100/0/threaded"
        },
        {
          "name": "20070516 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468737/100/0/threaded"
        },
        {
          "name": "20070516 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468727/100/0/threaded"
        },
        {
          "name": "23825",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23825"
        },
        {
          "name": "20070517 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468869/100/0/threaded"
        },
        {
          "name": "20070514 Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468544/100/0/threaded"
        },
        {
          "name": "35569",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/35569"
        },
        {
          "name": "20070514 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468585/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2580",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070515 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468719/100/0/threaded"
            },
            {
              "name": "20070504 safari\u0027s saved password at risk",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/467676/100/0/threaded"
            },
            {
              "name": "2685",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2685"
            },
            {
              "name": "20070515 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468650/100/0/threaded"
            },
            {
              "name": "20070514 Re: RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468639/100/0/threaded"
            },
            {
              "name": "20070516 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468737/100/0/threaded"
            },
            {
              "name": "20070516 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468727/100/0/threaded"
            },
            {
              "name": "23825",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23825"
            },
            {
              "name": "20070517 Re: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468869/100/0/threaded"
            },
            {
              "name": "20070514 Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468544/100/0/threaded"
            },
            {
              "name": "35569",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/35569"
            },
            {
              "name": "20070514 RE: Apple Safari on MacOSX may reveal user\u0027s saved passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468585/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2580",
    "datePublished": "2007-05-09T21:00:00",
    "dateReserved": "2007-05-09T00:00:00",
    "dateUpdated": "2024-08-07T13:42:33.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2391 (GCVE-0-2007-2391)

Vulnerability from – Published: 2007-06-14 18:00 – Updated: 2024-08-07 13:33
Summary
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/34847 vdb-entry x_refsource_XF
http://www.vupen.com/english/advisories/2007/2192 vdb-entry x_refsource_VUPEN
http://www.securityfocus.com/archive/1/471266/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/24457 vdb-entry x_refsource_BID
http://securitytracker.com/id?1018238 vdb-entry x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/471255/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://osvdb.org/36605 vdb-entry x_refsource_OSVDB
http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html vendor-advisory x_refsource_APPLE

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:29.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "safari-settimeout-security-bypass(34847)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34847"
          },
          {
            "name": "ADV-2007-2192",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2192"
          },
          {
            "name": "20070613 Re: [Full-disclosure] Apple Safari: cookie stealing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471266/100/0/threaded"
          },
          {
            "name": "24457",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24457"
          },
          {
            "name": "1018238",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018238"
          },
          {
            "name": "20070613 Apple Safari: cookie stealing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471255/100/0/threaded"
          },
          {
            "name": "36605",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36605"
          },
          {
            "name": "APPLE-SA-2007-06-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "safari-settimeout-security-bypass(34847)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34847"
        },
        {
          "name": "ADV-2007-2192",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2192"
        },
        {
          "name": "20070613 Re: [Full-disclosure] Apple Safari: cookie stealing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471266/100/0/threaded"
        },
        {
          "name": "24457",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24457"
        },
        {
          "name": "1018238",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018238"
        },
        {
          "name": "20070613 Apple Safari: cookie stealing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471255/100/0/threaded"
        },
        {
          "name": "36605",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36605"
        },
        {
          "name": "APPLE-SA-2007-06-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "safari-settimeout-security-bypass(34847)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34847"
            },
            {
              "name": "ADV-2007-2192",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2192"
            },
            {
              "name": "20070613 Re: [Full-disclosure] Apple Safari: cookie stealing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471266/100/0/threaded"
            },
            {
              "name": "24457",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24457"
            },
            {
              "name": "1018238",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018238"
            },
            {
              "name": "20070613 Apple Safari: cookie stealing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471255/100/0/threaded"
            },
            {
              "name": "36605",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36605"
            },
            {
              "name": "APPLE-SA-2007-06-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2391",
    "datePublished": "2007-06-14T18:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:29.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2408 (GCVE-0-2007-2408)

Vulnerability from – Published: 2007-08-03 20:00 – Updated: 2024-08-07 13:33
Summary
WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2730",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2730"
          },
          {
            "name": "25157",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306174"
          },
          {
            "name": "safari-applet-security-bypass(35714)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35714"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=3214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked \"Enable Java\" setting, which allows remote attackers to execute Java applets via a crafted web page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2730",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2730"
        },
        {
          "name": "25157",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306174"
        },
        {
          "name": "safari-applet-security-bypass(35714)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35714"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=3214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2408",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked \"Enable Java\" setting, which allows remote attackers to execute Java applets via a crafted web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2730",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2730"
            },
            {
              "name": "25157",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25157"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306174",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306174"
            },
            {
              "name": "safari-applet-security-bypass(35714)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35714"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=3214",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=3214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2408",
    "datePublished": "2007-08-03T20:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2400 (GCVE-0-2007-2400)

Vulnerability from – Published: 2007-06-25 19:00 – Updated: 2024-08-07 13:33
Summary
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/36452 vdb-entry x_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/2316 vdb-entry x_refsource_VUPEN
http://docs.info.apple.com/article.html?artnum=306173 x_refsource_CONFIRM
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html vendor-advisory x_refsource_APPLE
http://www.securitytracker.com/id?1018282 vdb-entry x_refsource_SECTRACK
http://www.securityfocus.com/bid/24599 vdb-entry x_refsource_BID
http://secunia.com/advisories/26287 third-party-advisory x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/289988 third-party-advisory x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2007/2731 vdb-entry x_refsource_VUPEN

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36452",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36452"
          },
          {
            "name": "ADV-2007-2316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306173"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
          },
          {
            "name": "1018282",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018282"
          },
          {
            "name": "24599",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24599"
          },
          {
            "name": "26287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26287"
          },
          {
            "name": "VU#289988",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/289988"
          },
          {
            "name": "ADV-2007-2731",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2731"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-08-09T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36452",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36452"
        },
        {
          "name": "ADV-2007-2316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306173"
        },
        {
          "name": "APPLE-SA-2007-06-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
        },
        {
          "name": "1018282",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018282"
        },
        {
          "name": "24599",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24599"
        },
        {
          "name": "26287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26287"
        },
        {
          "name": "VU#289988",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/289988"
        },
        {
          "name": "ADV-2007-2731",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2731"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2400",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36452",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36452"
            },
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306173",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306173"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
            },
            {
              "name": "1018282",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018282"
            },
            {
              "name": "24599",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24599"
            },
            {
              "name": "26287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26287"
            },
            {
              "name": "VU#289988",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/289988"
            },
            {
              "name": "ADV-2007-2731",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2731"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2400",
    "datePublished": "2007-06-25T19:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2398 (GCVE-0-2007-2398)

Published: 2007-06-21 10:00 – Updated: 2024-08-07 13:33
Summary
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38862",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38862"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT1467"
          },
          {
            "name": "ADV-2007-2316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "name": "ADV-2008-0979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0979/references"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
          },
          {
            "name": "APPLE-SA-2008-04-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
          },
          {
            "name": "1018282",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018282"
          },
          {
            "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
          },
          {
            "name": "safari-addressbar-spoofing(35050)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
          },
          {
            "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
          },
          {
            "name": "24484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24484"
          },
          {
            "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38862",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38862"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT1467"
        },
        {
          "name": "ADV-2007-2316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2316"
        },
        {
          "name": "ADV-2008-0979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0979/references"
        },
        {
          "name": "APPLE-SA-2007-06-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
        },
        {
          "name": "APPLE-SA-2008-04-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
        },
        {
          "name": "1018282",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018282"
        },
        {
          "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
        },
        {
          "name": "safari-addressbar-spoofing(35050)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
        },
        {
          "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
        },
        {
          "name": "24484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24484"
        },
        {
          "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2398",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38862",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38862"
            },
            {
              "name": "http://support.apple.com/kb/HT1467",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT1467"
            },
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "ADV-2008-0979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0979/references"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
            },
            {
              "name": "APPLE-SA-2008-04-16",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
            },
            {
              "name": "1018282",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018282"
            },
            {
              "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
            },
            {
              "name": "safari-addressbar-spoofing(35050)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
            },
            {
              "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
            },
            {
              "name": "24484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24484"
            },
            {
              "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2398",
    "datePublished": "2007-06-21T10:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2175 (GCVE-0-2007-2175)

Published: 2007-04-24 16:00 – Updated: 2024-08-07 13:23
Summary
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:50.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow"
          },
          {
            "name": "quicktime-unspecified-code-execution(33827)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33827"
          },
          {
            "name": "1017950",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017950"
          },
          {
            "name": "APPLE-SA-2007-05-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305446"
          },
          {
            "name": "20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467319/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/"
          },
          {
            "name": "34178",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/34178"
          },
          {
            "name": "VU#420668",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/420668"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the \"PWN 2 0WN\" contest at CanSecWest 2007."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow"
        },
        {
          "name": "quicktime-unspecified-code-execution(33827)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33827"
        },
        {
          "name": "1017950",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017950"
        },
        {
          "name": "APPLE-SA-2007-05-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305446"
        },
        {
          "name": "20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467319/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/"
        },
        {
          "name": "34178",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/34178"
        },
        {
          "name": "VU#420668",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/420668"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the \"PWN 2 0WN\" contest at CanSecWest 2007."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-023.html"
            },
            {
              "name": "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow",
              "refsource": "MISC",
              "url": "http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow"
            },
            {
              "name": "quicktime-unspecified-code-execution(33827)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33827"
            },
            {
              "name": "1017950",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017950"
            },
            {
              "name": "APPLE-SA-2007-05-01",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00001.html"
            },
            {
              "name": "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/",
              "refsource": "MISC",
              "url": "http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305446",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=305446"
            },
            {
              "name": "20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/467319/100/0/threaded"
            },
            {
              "name": "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/",
              "refsource": "MISC",
              "url": "http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/"
            },
            {
              "name": "34178",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/34178"
            },
            {
              "name": "VU#420668",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/420668"
            },
            {
              "name": "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/",
              "refsource": "MISC",
              "url": "http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2175",
    "datePublished": "2007-04-24T16:00:00",
    "dateReserved": "2007-04-24T00:00:00",
    "dateUpdated": "2024-08-07T13:23:50.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2163 (GCVE-0-2007-2163)

Published: 2007-04-22 19:00 – Updated: 2024-08-07 13:23
Summary
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:50.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070417 Internet Explorer Crash",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466017/100/0/threaded"
          },
          {
            "name": "20070417 Re: Internet Explorer Crash",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466043/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070417 Internet Explorer Crash",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/466017/100/0/threaded"
        },
        {
          "name": "20070417 Re: Internet Explorer Crash",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/466043/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070417 Internet Explorer Crash",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/466017/100/0/threaded"
            },
            {
              "name": "20070417 Re: Internet Explorer Crash",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/466043/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2163",
    "datePublished": "2007-04-22T19:00:00",
    "dateReserved": "2007-04-22T00:00:00",
    "dateUpdated": "2024-08-07T13:23:50.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
