CVE-2015-7050
published 2015-12-11CVE-2015-7050: WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
0.58%
69.4th percentile
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.1 | — |
| apple | itunes | — | — |
| apple | safari | <= 9.0.1 | — |
| apple | safari | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
GHSA
GHSA-pj4f-23pp-qg9c: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-17
CVE-2015-7050 [MEDIUM] CWE-200 GHSA-pj4f-23pp-qg9c: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
OSV
CVE-2015-7050: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 4.3
CVE-2015-7050 [MEDIUM] CVE-2015-7050: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
Apple
CVE-2015-7050: iOS 9.2
vendor_apple·CVSS 4.3
CVE-2015-7050 [MEDIUM] CVE-2015-7050: iOS 9.2
Apple Security Update: About the security content of iOS 9.2
Product: iOS
Version: 9.2
CVE: CVE-2015-7050
Component: CVE-ID
Apple
CVE-2015-7050: iTunes 12.3.2
vendor_apple·CVSS 4.3
CVE-2015-7050 [MEDIUM] CVE-2015-7050: iTunes 12.3.2
Apple Security Update: About the security content of iTunes 12.3.2
Product: iTunes
Version: 12.3.2
CVE: CVE-2015-7050
Component: CVE-ID
Apple
CVE-2015-7050: Safari 9.0.2
vendor_apple·CVSS 4.3
CVE-2015-7050 [MEDIUM] CVE-2015-7050: Safari 9.0.2
Apple Security Update: About the security content of Safari 9.0.2
Product: Safari
Version: 9.0.2
CVE: CVE-2015-7050
Component: CVE-ID
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00003.htmlhttp://www.securityfocus.com/bid/78722http://www.securitytracker.com/id/1034341https://support.apple.com/HT205635https://support.apple.com/HT205639https://support.apple.com/kb/HT205636http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00003.htmlhttp://www.securityfocus.com/bid/78722http://www.securitytracker.com/id/1034341https://support.apple.com/HT205635https://support.apple.com/HT205639https://support.apple.com/kb/HT205636
2015-12-11
Published