CVE-2007-2398
6.5 Medium
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:C/A:N
0.021 Low
EPSS
Percentile
89.0%
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:safari | apple safari | eq | 3.0.1 |
References
archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
osvdb.org/38862
support.apple.com/kb/HT1467
www.securityfocus.com/archive/1/471452/100/0/threaded
www.securityfocus.com/archive/1/471454/100/0/threaded
www.securityfocus.com/bid/24484
www.securitytracker.com/id?1018282
www.vupen.com/english/advisories/2007/2316
www.vupen.com/english/advisories/2008/0979/references
exchange.xforce.ibmcloud.com/vulnerabilities/35050
Related
6.5 Medium
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:C/A:N
0.021 Low
EPSS
Percentile
89.0%