CVE-2014-1346
Published May 22, 2014
Last updated 9 years ago
Overview
- Description
- WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
- Source
- product-security@apple.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC328FF9-3049-4E2C-9A79-D6038953B101",
"versionEndIncluding": "6.1.3"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BA4B009-6BF2-4174-A05C-77B75C45377C"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "136A760D-2873-4216-AB60-E3D93DE82BCF"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "076B9C00-EFB0-4284-A617-FAEE341F80FB"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8851ED07-715F-4F6A-AE29-FA95D069F972"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65EBA204-5E12-429A-9414-400CBAA0BA89"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A600193-92E3-4A31-824D-94BC87E513B2"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74543772-8C0C-4055-BC1E-D7EAA8A55B51"
},
{
"criteria": "cpe:2.3:a:apple:safari:6.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77462FFC-4F46-4DE4-BE90-78457B7B4FD7"
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C"
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249"
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D"
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2"
}
],
"operator": "OR"
}
]
}
]