PT-2007-4999 · Apple · iPhone +2

Michal Zalewski · Published 2007-09-27 · Updated 2022-08-09 · CVE-2007-3758

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Safari versions 3 before Beta Update 3.0.4
Safari in Apple iPhone version 1.1.1
Safari in Mac OS X versions 10.4 through 10.4.10

Description

The issue allows remote attackers to set JavaScript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.

Recommendations

For Safari versions 3 before Beta Update 3.0.4, update to Beta Update 3.0.4 or later.
For Safari in Apple iPhone version 1.1.1, update the iPhone operating system to a version that includes the fix for this issue.
For Safari in Mac OS X versions 10.4 through 10.4.10, update Mac OS X to a version that includes the fix for this issue or update Safari to a version that is not vulnerable.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-3758

Affected Products

Mac OS X
Safari
iPhone