PT-2010-3431 · Apple · Safari+1

Jeremiah Grossman

Publicado

2010-07-30

Atualizado

2017-09-19

CVE-2010-1796

CVSS v2.0

2.6

Baixa

Vetor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows Safari versions prior to 4.1.1 on Mac OS X 10.4

Description The issue allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. This is related to the AutoFill feature.

Recommendations For Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0.1 or later. For Safari versions prior to 4.1.1 on Mac OS X 10.4, update to version 4.1.1 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2010-1796

Produtos afetados

Macos X

Safari

PT-2010-3431 · Apple · Safari+1

CVE-2010-1796

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5