Apple Safari JavaScript Engine Cross Domain Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running Apple Safari web browser which is prone to information disclosure vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the context of the web browser and can spoof sensitive information of the remote user through the web browser. Impact Level: Application

Solution

Upgrade to Apple Safari version 5.0 or later For updates refer to http://www.apple.com/support/downloads

Insight

Undefined function in the JavaScript implementation of the browser fails to properly enforce the origin policy and leaves temporary footprints.

Affected

Apple Safari 3.1.2 and prior on Windows.

References

http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5914
CVSS Base Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N

Related Vulnerabilities

MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability
MantisBT 'adm_config_report.php' Cross-Site Scripting Vulnerability - January15
Bugzilla Group Selection During Bug Creation Information Disclosure Vulnerability
Fisheye Multiple Vulnerabilities
Anti OpenVAS defenses

Take action and discover your vulnerabilities