The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:M/Au:N/C:P/I:N/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Apple |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2012-09-20T21:00:00
Updated: 2024-08-06T20:13:51.781Z
Reserved: 2012-06-19T00:00:00
Link: CVE-2012-3714
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-09-20T21:55:02.563
Modified: 2017-08-29T01:32:03.197
Link: CVE-2012-3714
Redhat
No data.