Vulnerability Description
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | sp2 |
| Apple | Safari | 3.0.1 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
- http://osvdb.org/38862
- http://support.apple.com/kb/HT1467
- http://www.securityfocus.com/archive/1/471452/100/0/threaded
- http://www.securityfocus.com/archive/1/471454/100/0/threaded
- http://www.securityfocus.com/bid/24484
- http://www.securitytracker.com/id?1018282
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2008/0979/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35050
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
FAQ
What is CVE-2007-2398?
CVE-2007-2398 is a vulnerability with a CVSS score of 7.1 (HIGH). Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and u...
How severe is CVE-2007-2398?
CVE-2007-2398 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2398?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Apple Safari.