CVE-2007-2400
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
25/06/2007
Last modified:
09/04/2025
Description
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 1.0 (including) | |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://docs.info.apple.com/article.html?artnum=306173
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://osvdb.org/36452
- http://secunia.com/advisories/26287
- http://www.kb.cert.org/vuls/id/289988
- http://www.securityfocus.com/bid/24599
- http://www.securitytracker.com/id?1018282=
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2007/2731
- http://docs.info.apple.com/article.html?artnum=306173
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://osvdb.org/36452
- http://secunia.com/advisories/26287
- http://www.kb.cert.org/vuls/id/289988
- http://www.securityfocus.com/bid/24599
- http://www.securitytracker.com/id?1018282=
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2007/2731