CVE-2007-2398
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/06/2007
Last modified:
09/04/2025
Description
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
Impact
Base Score 2.0
7.10
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
- http://osvdb.org/38862
- http://support.apple.com/kb/HT1467
- http://www.securityfocus.com/archive/1/471452/100/0/threaded
- http://www.securityfocus.com/archive/1/471454/100/0/threaded
- http://www.securityfocus.com/bid/24484
- http://www.securitytracker.com/id?1018282=
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2008/0979/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35050
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
- http://osvdb.org/38862
- http://support.apple.com/kb/HT1467
- http://www.securityfocus.com/archive/1/471452/100/0/threaded
- http://www.securityfocus.com/archive/1/471454/100/0/threaded
- http://www.securityfocus.com/bid/24484
- http://www.securitytracker.com/id?1018282=
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2008/0979/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35050