4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.2%
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
CPE | Name | Operator | Version |
---|---|---|---|
apple:iphone_os | apple iphone os | le | 1.0 |
apple:safari | apple safari | eq | 3.0 |
apple:safari | apple safari | eq | 3.0.1 |
docs.info.apple.com/article.html?artnum=306173
lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
osvdb.org/36452
secunia.com/advisories/26287
www.kb.cert.org/vuls/id/289988
www.securityfocus.com/bid/24599
www.securitytracker.com/id?1018282
www.vupen.com/english/advisories/2007/2316
www.vupen.com/english/advisories/2007/2731