PT-2007-4743 · Apple · Safari
Published
2007-06-28
·
Updated
2008-11-15
·
CVE-2007-3482
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apple Safari for Windows version 3.0.1
Description
A cross-domain issue allows remote attackers to bypass the same origin policy and access restricted information from other domains via JavaScript that overwrites the
document variable and statically sets the document.domain attribute.Recommendations
For Apple Safari for Windows version 3.0.1, consider disabling JavaScript as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Safari