OpenCVE

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Safari
Microsoft	Windows Vista Windows Xp

Configuration 1 [-]

AND

cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.10:::::::*
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=306586
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
http://secunia.com/advisories/26983
http://secunia.com/advisories/27643
http://securitytracker.com/id?1018752
http://www.securityfocus.com/bid/25859
http://www.securityfocus.com/bid/26444
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.vupen.com/english/advisories/2007/3287
http://www.vupen.com/english/advisories/2007/3868
https://exchange.xforce.ibmcloud.com/vulnerabilities/36855

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-27T21:00:00

Updated: 2024-08-07T14:28:52.320Z

Reserved: 2007-07-12T00:00:00

Link: CVE-2007-3756

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-09-27T21:17:00.000

Modified: 2024-11-21T00:33:59.520

Link: CVE-2007-3756

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object