CVE-2007-3742Link Following in Apple Safari

CWE-16CWE-59Link Following2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 30.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedAug 3
Latest updateMay 1

Description

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari3.0.2

Patches

Patch: docs.info.apple.comPatch: docs.info.apple.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-8vqf-2742-m7gx: WebKit in Apple Safari 3 Beta before Update 32022-05-01