CVE-2007-5858

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 19-12-2007 10:46

Last modified: - 09-08-2022 03:46

Total changes: - 2

Description

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:P/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

4.3

Base score

8.6

2.9

Exploitability score

Impact score

Verification logic

Reference

APPLE-SA-2007-12-17-
http://docs.info.apple.com/article.html?artnum=307179
http://docs.info.apple.com/article.html?artnum=307178
TA07-352A-US Government Resource
26911-
1019108-
28136-Vendor Advisory
http://docs.info.apple.com/article.html?artnum=307302
APPLE-SA-2008-01-15-
28497-Vendor Advisory
ADV-2007-4238-Vendor Advisory
ADV-2008-0147-Vendor Advisory
safari-webkit-security-bypass(39091)-

Keywords

CVE-2007-5858

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-5858

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures