CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-2843

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile22.14th
Published2007年5月24日
Last Modified2026年4月23日

Vulnerability Description

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.

Affected Platforms (CPE)

📦
Apple

Safari

= 2.0.4

References & Advisories

🔗 http://osvdb.org/38859
🔗 http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
🔗 http://www.securityfocus.com/bid/24121
🔗 http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/
🔗 http://osvdb.org/38859
🔗 http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
🔗 http://www.securityfocus.com/bid/24121
🔗 http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/

相關漏洞威脅

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2009-013710.0

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote at...