CVE-2009-1706
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
10/06/2009
Last modified:
09/04/2025
Description
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:* | 3.2.3 (including) | |
| cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://osvdb.org/54997
- http://secunia.com/advisories/35379
- http://support.apple.com/kb/HT3613
- http://www.securityfocus.com/bid/35260
- http://www.securityfocus.com/bid/35346
- http://www.vupen.com/english/advisories/2009/1522
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://osvdb.org/54997
- http://secunia.com/advisories/35379
- http://support.apple.com/kb/HT3613
- http://www.securityfocus.com/bid/35260
- http://www.securityfocus.com/bid/35346
- http://www.vupen.com/english/advisories/2009/1522