CVE-2007-2400: XSS
First published: Mon Jun 25 2007(Updated: )
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iStyle @cosme iPhone OS | <=1.0 | |
| Apple iOS and macOS | ||
| Microsoft Windows Vista | ||
| Microsoft Windows XP | ||
| Apple Mobile Safari | =3.0 | |
| Apple Mobile Safari | =3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://www.securityfocus.com/bid/24599
- http://www.securitytracker.com/id?1018282
- http://docs.info.apple.com/article.html?artnum=306173
- http://www.kb.cert.org/vuls/id/289988
- http://secunia.com/advisories/26287
- http://osvdb.org/36452
- http://www.vupen.com/english/advisories/2007/2731
- http://www.vupen.com/english/advisories/2007/2316
Frequently Asked Questions
What is the severity of CVE-2007-2400?
CVE-2007-2400 has a high severity due to its ability to bypass the JavaScript security model.
How do I fix CVE-2007-2400?
To fix CVE-2007-2400, you should update your Apple Safari to version 3.0.2 or later.
Which versions of Apple Safari are affected by CVE-2007-2400?
CVE-2007-2400 affects Apple Safari versions 3.0 and 3.0.1 on Windows.
Can CVE-2007-2400 lead to cross-site scripting attacks?
Yes, CVE-2007-2400 allows attackers to conduct cross-site scripting (XSS) attacks due to a race condition.
Is CVE-2007-2400 relevant for all Mac and Windows users?
CVE-2007-2400 is primarily relevant for users running vulnerable versions of Apple Safari on Windows.
- collector/nvd-historical
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/1.0
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows vista
- canonical/microsoft windows xp
- canonical/apple mobile safari
- version/apple mobile safari/3.0
- version/apple mobile safari/3.0.1