CVE-2007-3514 — Apple Safari vulnerability

3 documents3 sources

Severity

8.5HIGHNVD

EPSS

0.2%

top 57.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Vmware Esxi Vmware Workstation

Timeline

PublishedJul 3

Latest updateMay 1

Description

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.

CVSS vector

AV:N/AC:L/C:C/I:P/A:NExploitability: 10.0 | Impact: 7.8

Affected Packages3 packages

▶NVDapple/safari3.0.2

▶vmwarevmware/esxi

▶vmwarevmware/vmware_workstation

🔴Vulnerability Details

GHSA

GHSA-f23g-mp7v-582j: Cross-domain vulnerability in Apple Safari for Windows 3↗2022-05-01

▶

📋Vendor Advisories

VMware

Updated VirtualCenter addresses User Account Disclosure Vulnerability↗2008-08-12

▶