Cross-Site Scripting Vulnerability in Safari on Apple Mac OS X
CVE-2007-0478

Currently unrated

Key Information:

Vendor: Apple
Status: Safari; Webcore
Vendor: CVE Published:; 25 January 2007

Summary

A vulnerability exists in the HTML comment parsing functionality of WebCore in Safari on Apple Mac OS X 10.3.9 and 10.4.10. This issue allows attackers to craft malicious HTML comments, which can lead to cross-site scripting (XSS) attacks. By embedding specific HTML tags within comments, an attacker may bypass certain XSS protection measures, potentially enabling unauthorized access to sensitive user data or execution of arbitrary scripts in the context of the user's browser.

References

http://www.vupen.com/english/advisories/2007/2732

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/23893

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/457763/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jan 25, 2007
Vulnerability Reserved
Jan 24, 2007