CVE-2007-3514

Published Jul 3, 2007

Last updated 12 years ago

Overview

Description: Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 7.8
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32024B14-B4F7-466E-AEF2-0D3A7E8E1060"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References