3.0.2B

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apple

NVD

Published: 2007-08-20

Updated: 2024-11-21

Summary

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Safari 3.0.0B Apple Safari 3.0.1B Apple Safari 3.0.2B	3

References

http://osvdb.org/46720
http://osvdb.org/46720
http://sla.ckers.org/forum/read.php?3%2C14151
http://sla.ckers.org/forum/read.php?3%2C14151
http://www.0x000000.com/index.php?i=420
http://www.0x000000.com/index.php?i=420
http://www.securityfocus.com/bid/25355
http://www.securityfocus.com/bid/25355
http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/
http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/