1. Home
  2. CVE Database
  3. CVE-2007-5858
MEDIUM · 4.3

CVE-2007-5858

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be le...

Vulnerability Description

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
AppleMac Os X10.4.11
AppleIphone1.0
AppleIpod Touch1.1
AppleIphone Os1.0.1
AppleSafariAll versions

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2007-5858?

CVE-2007-5858 is a vulnerability with a CVSS score of 4.3 (MEDIUM). WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be le...

How severe is CVE-2007-5858?

CVE-2007-5858 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5858?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Iphone, Apple Ipod Touch, Apple Iphone Os, Apple Safari.