First published: Wed Jun 10 2009
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | =3.2 | |
Apple Safari | =3.0.3 | |
Apple Safari | =3.0.1 | |
Apple Safari | =3.1.2 | |
Apple Safari | <=3.2.3 | |
Apple Safari | =3.0.2 | |
Apple Safari | =3.1 | |
Apple Safari | =3.1.1 | |
Apple Safari | =3.0 | |
Apple Safari | =3.2.2 | |
Apple Safari | =3.2.1 | |
Apple Safari | =3.0.4 | |
CVE-2009-1706 is considered a medium-severity vulnerability due to the potential for tracking users via cookies.
To mitigate CVE-2009-1706, update Apple Safari to version 4.0 or later on Windows.
CVE-2009-1706 affects Apple Safari versions up to 3.2.3 on Windows.
The impact of CVE-2009-1706 is that remote web servers can track users, because cookies are not removed in certain situations.
No, CVE-2009-1706 is specifically present in Safari versions prior to 4.0 on Windows.