Apple Safari JavaScript Engine Cross Domain Information Disclosure Vulnerability

Published: 2009-01-23 15:33:16
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:H/Au:S/C:N/I:P/A:N

Detection Type:
Windows Registry

Impact:
Successful exploitation will let the attacker execute arbitrary code in the context of the web browser and spoof sensitive information of the remote user through the web browser.

Affected Versions:
Apple Safari 3.1.2 and prior on Windows.

Technical Details:
An undefined function in the browser's JavaScript implementation fails to properly enforce the origin policy and leaves temporary footprints.

Recommendations:
Upgrade to Apple Safari version 5.0 or later.

Summary:
The host is running the Apple Safari web browser, which is prone to an information disclosure vulnerability.

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2008-5914

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/33276

References:

http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf
http://www.apple.com/support/downloads

Severity:
Low

CVSS Score:
2.1
