Vulnerabilities > CVE-2007-2843 - Information Disclosure vulnerability in Apple Safari 2.0.4

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
apple
critical
exploit available
NVD
Published: 2007-05-24
Updated: 2008-11-15

Summary

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.

Vulnerable Configurations

Part Description Count
Application
Apple
1

Exploit-Db

descriptionApple Safari 2.0.4 Cross-Domain Browser Location Information Disclosure Vulnerability. CVE-2007-2843. Remote exploits for multiple platform
idEDB-ID:30078
last seen2016-02-03
modified2007-05-23
published2007-05-23
reporterGareth Heyes
sourcehttps://www.exploit-db.com/download/30078/
titleApple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure Vulnerability

References