First published: Wed Jul 25 2012
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | <=5.1.7 | |
Apple Safari | =1.0 | |
Apple Safari | =1.0-beta | |
Apple Safari | =1.0-beta2 | |
Apple Safari | =1.0.0 | |
Apple Safari | =1.0.0b1 | |
Apple Safari | =1.0.0b2 | |
Apple Safari | =1.0.1 | |
Apple Safari | =1.0.2 | |
Apple Safari | =1.0.3 | |
Apple Safari | =1.0.3-85.8 | |
Apple Safari | =1.0.3-85.8.1 | |
Apple Safari | =1.0b1 | |
Apple Safari | =1.1 | |
Apple Safari | =1.1.0 | |
Apple Safari | =1.1.1 | |
Apple Safari | =1.2 | |
Apple Safari | =1.2.0 | |
Apple Safari | =1.2.1 | |
Apple Safari | =1.2.2 | |
Apple Safari | =1.2.3 | |
Apple Safari | =1.2.4 | |
Apple Safari | =1.2.5 | |
Apple Safari | =1.3 | |
Apple Safari | =1.3.0 | |
Apple Safari | =1.3.1 | |
Apple Safari | =1.3.2 | |
Apple Safari | =1.3.2-312.5 | |
Apple Safari | =1.3.2-312.6 | |
Apple Safari | =2 | |
Apple Safari | =2.0 | |
Apple Safari | =2.0.0 | |
Apple Safari | =2.0.1 | |
Apple Safari | =2.0.2 | |
Apple Safari | =2.0.3 | |
Apple Safari | =2.0.3-417.8 | |
Apple Safari | =2.0.3-417.9 | |
Apple Safari | =2.0.3-417.9.2 | |
Apple Safari | =2.0.3-417.9.3 | |
Apple Safari | =2.0.4 | |
Apple Safari | =3 | |
Apple Safari | =3.0 | |
Apple Safari | =3.0.0 | |
Apple Safari | =3.0.0b | |
Apple Safari | =3.0.1 | |
Apple Safari | =3.0.1-beta | |
Apple Safari | =3.0.1b | |
Apple Safari | =3.0.2 | |
Apple Safari | =3.0.2b | |
Apple Safari | =3.0.3 | |
Apple Safari | =3.0.3b | |
Apple Safari | =3.0.4 | |
Apple Safari | =3.0.4b | |
Apple Safari | =3.1.0 | |
Apple Safari | =3.1.0b | |
Apple Safari | =3.1.1 | |
Apple Safari | =3.1.1b | |
Apple Safari | =3.1.2 | |
Apple Safari | =3.1.2b | |
Apple Safari | =3.2.0 | |
Apple Safari | =3.2.0b | |
Apple Safari | =3.2.1 | |
Apple Safari | =3.2.1b | |
Apple Safari | =3.2.2 | |
Apple Safari | =3.2.2b | |
Apple Safari | =4.0 | |
Apple Safari | =4.0-beta | |
Apple Safari | =4.0.0b | |
Apple Safari | =4.0.1 | |
Apple Safari | =4.0.2 | |
Apple Safari | =4.0.3 | |
Apple Safari | =4.0.4 | |
Apple Safari | =4.0.5 | |
Apple Safari | =4.1 | |
Apple Safari | =4.1.1 | |
Apple Safari | =4.1.2 | |
Apple Safari | =5.0 | |
Apple Safari | =5.0.1 | |
Apple Safari | =5.0.2 | |
Apple Safari | =5.0.4 | |
Apple Safari | =5.0.5 | |
Apple Safari | =5.0.6 | |
Apple Safari | =5.1 | |
Apple Safari | =5.1.1 | |
Apple Safari | =5.1.2 | |
Apple Safari | =5.1.3 | |
Apple Safari | =5.1.4 | |
Apple Safari | =5.1.5 | |
Apple Safari | =5.1.6 | |
CVE-2012-3695 is classified as a high severity vulnerability due to its potential for exploitation through cross-site scripting.
To remediate CVE-2012-3695, users should update to Apple Safari version 6.0 or later, which addresses the vulnerability.
Attackers can leverage CVE-2012-3695 to perform cross-site scripting (XSS) attacks, potentially leading to data theft or session hijacking.
CVE-2012-3695 affects Apple Safari versions prior to 6.0, including all versions up to and including 5.1.7.
The best course of action is to update to the latest version of Apple Safari, as no effective workarounds have been documented.