CVE-2015-3753
published 2015-08-16
CVE-2015-3753: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint…
Priority P4 · 24 · medium · 5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.62%
70.5th percentile
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | apple_tv | — | — |
| apple | ios | — | — |
| apple | iphone_os | < 8.4.1 | 8.4.1 |
| apple | safari | >= 6.0 < 6.2.8 | 6.2.8 |
| apple | safari | >= 7.0 < 7.1.8 | 7.1.8 |
| apple | safari | >= 8.0 < 8.0.8 | 8.0.8 |
| apple | safari_8.0.8_safari_7.1.8_and_safari | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
osv · 5.0 · MEDIUM
Apple
CVE-2015-3753: Apple TV 7.2.1
vendor_apple·CVSS 5.0
CVE-2015-3753 [MEDIUM] CVE-2015-3753: Apple TV 7.2.1
Apple Security Update: About the security content of Apple TV 7.2.1
Product: Apple TV
Version: 7.2.1
CVE: CVE-2015-3753
Component: CVE-ID
Apple
CVE-2015-3753: Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
vendor_apple·CVSS 5.0
CVE-2015-3753 [MEDIUM] CVE-2015-3753: Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
Apple Security Update: About the security content of Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
Product: Safari 8.0.8, Safari 7.1.8, and Safari
Version: 6.2.8
CVE: CVE-2015-3753
Component: CVE-ID
Apple
CVE-2015-3753: iOS 8.4.1
vendor_apple·CVSS 5.0
CVE-2015-3753 [MEDIUM] CVE-2015-3753: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-3753
Component: CVE-ID
GHSA
GHSA-4vr7-cqg2-r964: WebKit in Apple Safari before 6
ghsa_unreviewed·2022-05-14
CVE-2015-3753 [MEDIUM] CWE-200 GHSA-4vr7-cqg2-r964: WebKit in Apple Safari before 6
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
OSV
CVE-2015-3753: WebKit in Apple Safari before 6
osv·2015-08-16·CVSS 5.0
CVE-2015-3753 [MEDIUM] CVE-2015-3753: WebKit in Apple Safari before 6
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
http://www.securityfocus.com/bid/76341
http://www.securitytracker.com/id/1033274
https://support.apple.com/kb/HT205030
https://support.apple.com/kb/HT205033
2015-08-16
Published