CVE Vulnerability

CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html Patch Vendor Advisory
http://www.securityfocus.com/bid/24599 Patch
http://www.securitytracker.com/id?1018282 Patch
http://docs.info.apple.com/article.html?artnum=306173 Vendor Advisory
http://www.kb.cert.org/vuls/id/289988 US Government Resource
http://secunia.com/advisories/26287 Vendor Advisory
http://osvdb.org/36452
http://www.vupen.com/english/advisories/2007/2731 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2316 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2007-06-25 07:30

Updated : 2022-08-09 01:46

NVD link : CVE-2007-2400

Mitre link : CVE-2007-2400

Products Affected

Microsoft

Windows Xp

CWE
CWE-362

CWE-79