Cross-Domain Vulnerability in Apple WebCore on Mac OS X
CVE-2007-2409

Currently unrated

Key Information:

Vendor: Apple
Status: Webcore
Vendor: CVE Published:; 3 August 2007

Summary

A cross-domain vulnerability exists in the WebCore component of Apple’s Mac OS X versions 10.3.9 and 10.4.10. This flaw allows remote attackers to gather sensitive information by exploiting popup windows that can access the current URL of the parent window. If successfully exploited, this vulnerability exposes users to potential privacy breaches, making it critical to ensure proper safeguards are in place to mitigate unauthorized data access.

References

http://www.vupen.com/english/advisories/2007/2732

vdb-entryx_refsource_VUPEN

http://lists.apple.com/archives/security-announce//2007/J...

vendor-advisoryx_refsource_APPLE

http://securitytracker.com/id?1018494

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 3, 2007
Vulnerability Reserved
Apr 30, 2007