CVE-2007-3514
First published: Tue Jul 03 2007(Updated: )
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mobile Safari | =3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-3514?
CVE-2007-3514 is classified as a high severity vulnerability due to its potential to bypass the Same Origin Policy and compromise user privacy.
How do I fix CVE-2007-3514?
The recommended fix for CVE-2007-3514 is to update Apple Safari to a newer version that addresses this cross-domain vulnerability.
What type of attack is possible with CVE-2007-3514?
CVE-2007-3514 allows remote attackers to execute JavaScript that can access sensitive information from other domains.
Which software is affected by CVE-2007-3514?
CVE-2007-3514 specifically affects Apple Safari version 3.0.2 for Windows.
Can CVE-2007-3514 impact user data?
Yes, CVE-2007-3514 can lead to unauthorized access to user data from different domains, posing a significant risk.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/3.0.2