WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2014-05-22T19:00:00
Updated: 2024-08-06T09:34:41.318Z
Reserved: 2014-01-08T00:00:00
Link: CVE-2014-1346
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-05-22T19:55:08.047
Modified: 2015-12-08T20:28:53.310
Link: CVE-2014-1346
Redhat