Vulnerability Description
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | <= 3.0.3 |
References
- http://osvdb.org/46720
- http://sla.ckers.org/forum/read.php?3%2C14151
- http://www.0x000000.com/index.php?i=420 (Exploit)
- http://www.securityfocus.com/bid/25355 (Exploit)
- http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/
FAQ
What is CVE-2007-4431?
CVE-2007-4431 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body....
How severe is CVE-2007-4431?
CVE-2007-4431 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4431?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.