CVE-2012-3714 — Sensitive Information Exposure in Apple Safari

CWE-200 — Sensitive Information Exposure CWE-2642 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 45.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedSep 20

Latest updateMay 17

Description

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari6.0+77

🔴Vulnerability Details

GHSA

GHSA-wm6w-5h88-p758: The Form Autofill feature in Apple Safari before 6↗2022-05-17

▶