CVE-2006-6238
First published: Sun Dec 03 2006(Updated: )
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | =2.0.4 | |
| =2.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-6238?
CVE-2006-6238 is considered a moderate severity vulnerability due to its potential to expose sensitive user information.
How does CVE-2006-6238 affect users of Apple Safari 2.0.4?
CVE-2006-6238 allows attackers to steal sensitive information, such as usernames and passwords, through hidden form fields.
How can I fix CVE-2006-6238 in Apple Safari 2.0.4?
To fix CVE-2006-6238, users should update to a patched version of Apple Safari that addresses this vulnerability.
What type of information can be compromised due to CVE-2006-6238?
CVE-2006-6238 can compromise sensitive information including usernames and passwords from automatically populated form fields.
Is CVE-2006-6238 a common vulnerability that affects many applications?
CVE-2006-6238 specifically affects Apple Safari 2.0.4 and is not a common issue across other applications.
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/apple
- canonical/safari
- version/safari/2.0.4