Back to search
CVE-2007-2398
Published: Jun 21, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
38862
vdb-entry
x_refsource_OSVDB
http://support.apple.com/kb/HT1467
x_refsource_CONFIRM
ADV-2007-2316
vdb-entry
x_refsource_VUPEN
ADV-2008-0979
vdb-entry
x_refsource_VUPEN
APPLE-SA-2007-06-22
vendor-advisory
x_refsource_APPLE
APPLE-SA-2008-04-16
vendor-advisory
x_refsource_APPLE
1018282
vdb-entry
x_refsource_SECTRACK
20070614 Re: Apple Safari: urlbar/window title spoofing
mailing-list
x_refsource_FULLDISC
safari-addressbar-spoofing(35050)
vdb-entry
x_refsource_XF
20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
mailing-list
x_refsource_BUGTRAQ
24484
vdb-entry
x_refsource_BID
20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now