Apple Safari JavaScript Engine Cross Domain Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running Apple Safari web browser which is prone to information disclosure vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the context of the web browser and can spoof sensitive information of the remote user through the web browser. Impact Level: Application

Solution

Upgrade to Apple Safari version 5.0 or later For updates refer to http://www.apple.com/support/downloads

Insight

Undefined function in the JavaScript implementation of the browser fails to properly enforce the origin policy and leaves temporary footprints.

Affected

Apple Safari 3.1.2 and prior on Windows.

References

http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5914

CVSS	Base Score: 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N

Related Vulnerabilities

BasiliX Detection
RemotelyAnywhere Cross Site Scripting
BasiliX Attachment Disclosure Vulnerability
Interchange HTTP Response Splitting Vulnerability
Mailman Detection

Take action and discover your vulnerabilities