Vulnerabilities > CVE-2006-6238 - Unspecified vulnerability in Apple Safari 2.0.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

apple

NVD

Published: 2006-12-03

Updated: 2008-09-05

Summary

The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Safari 2.0.4	1

References

http://secunia.com/advisories/23066
http://tearesolutions.com/2006/11/how_to_steal_passwords_from_safaris_autofill.html
http://www.securityfocus.com/bid/21329