CVE-2006-6238Apple Safari vulnerability

2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 35.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedDec 3
Latest updateMay 1

Description

The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari2.0.4

🔴Vulnerability Details

1
GHSA
GHSA-vm94-3jpr-ph6q: The AutoFill feature in Apple Safari 22022-05-01