CVE-2007-2398
First published: Thu Jun 21 2007(Updated: )
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2003 Server | =sp2 | |
| Apple Mobile Safari | =3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
- http://www.securityfocus.com/archive/1/471454/100/0/threaded
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://www.securityfocus.com/bid/24484
- http://www.securitytracker.com/id?1018282
- http://support.apple.com/kb/HT1467
- http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
- http://www.vupen.com/english/advisories/2008/0979/references
- http://www.vupen.com/english/advisories/2007/2316
- http://osvdb.org/38862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35050
- http://www.securityfocus.com/archive/1/471452/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2398?
CVE-2007-2398 has been classified as a medium-profile vulnerability due to its potential to facilitate phishing attacks.
How do I fix CVE-2007-2398?
To mitigate CVE-2007-2398, users should upgrade to a newer version of Apple Safari that addresses this vulnerability.
What software is affected by CVE-2007-2398?
CVE-2007-2398 specifically affects Apple Safari version 3.0.1 on Windows.
What type of attack does CVE-2007-2398 facilitate?
CVE-2007-2398 can facilitate phishing attacks by allowing remote attackers to modify the window title and address bar.
Is CVE-2007-2398 a client-side or server-side vulnerability?
CVE-2007-2398 is a client-side vulnerability that affects the Safari browser's handling of window content.
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/sp2
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/3.0.1