CVE-2004-1314 — Apple Safari vulnerability

4 documents2 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 23.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJan 10

Latest updateApr 29

Description

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/safari7 versions+6

🔴Vulnerability Details

GHSA

GHSA-fjjm-8r2x-qmqx: Safari 1↗2022-04-29

▶

GHSA

GHSA-23rg-j4mh-2pmr: Safari 1↗2022-04-29

▶