Описание
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-1007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41324
- http://docs.info.apple.com/article.html?artnum=307563
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
- http://secunia.com/advisories/29393
- http://www.securityfocus.com/bid/28290
- http://www.securityfocus.com/bid/28335
- http://www.securitytracker.com/id?1019653
- http://www.us-cert.gov/cas/techalerts/TA08-079A.html
- http://www.vupen.com/english/advisories/2008/0920/references
Связанные уязвимости
nvd
почти 18 лет назад
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.