Lucene search
RootSSV:21025HistoryOct 14, 2011 - 12:00 a.m.
Apple MobileSafari附件查看跨站脚本执行漏洞
2011-10-1400:00:00
Root
www.seebug.org
12
0.004 Low
EPSS
Percentile
70.8%
CVE ID: CVE-2011-3426
MobileSafari是Apple的iOS设备的浏览器。
Apple公司的MobileSafari在处理Content-Disposition标头时存在安全漏洞,在不提示用户的情况下就打开附件内容,导致附件可以完全访问目标域的DOM,执行跨站脚本攻击,泄露敏感信息。攻击者通常使用社会工程学攻击或向受控站点插入内容。
Apple iOS < 5
厂商补丁:
Apple
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
Related
prion
prion
Cross site scripting
2011-10-14 10:55:00
cve
cve
CVE-2011-3426
2011-10-14 10:55:00
cvelist
cvelist
CVE-2011-3426
2011-10-14 10:00:00
jvn
jvn
JVN#41657660: Safari for iOS vulnerable to cross-site scripting
2011-10-17 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability
2011-10-16 00:00:00
APPLE-SA-2011-10-12-1 iOS 5 Software Update
2011-10-15 00:00:00
Apple iPhone multiple security vulnerabilities
2011-10-16 00:00:00
msvr
msvr
Safari Content-Disposition Handling Could Allow Cross-site Scripting
2012-08-21 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 6.0 Multiple Vulnerabilities
2012-07-26 00:00:00
Safari < 6.0 Multiple Vulnerabilities
2012-07-26 00:00:00
Safari < 6.0 Multiple Vulnerabilities
2012-07-26 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X)
2012-07-30 00:00:00
Apple Safari Multiple Vulnerabilities (Jul 2012) - Mac OS X
2012-07-30 00:00:00