Cross-Site Scripting Vulnerability in Apple Safari on Mac OS X
CVE-2007-2410

Currently unrated

Key Information:

Vendor: Apple
Status: Webcore
Vendor: CVE Published:; 3 August 2007

Summary

In certain versions of Apple Safari running on Mac OS X 10.3.9 and 10.4.10, the WebCore component fails to properly clear certain global object properties when a new URL is accessed in the same browser window. This oversight allows remote attackers to exploit the vulnerability to execute arbitrary JavaScript code via specially crafted web pages. Successful exploitation could lead to unauthorized actions taken on behalf of users or the exposure of sensitive information.

References

http://www.vupen.com/english/advisories/2007/2732

vdb-entryx_refsource_VUPEN

http://lists.apple.com/archives/security-announce//2007/J...

vendor-advisoryx_refsource_APPLE

http://securitytracker.com/id?1018494

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 3, 2007
Vulnerability Reserved
Apr 30, 2007