CVE-2015-3753
Published Aug 16, 2015
Last updated 6 years ago
Overview
- Description
- WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
- Source
- product-security@apple.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47782F4A-23C6-4F74-B4D1-DE59356AA9AB",
"versionEndExcluding": "6.2.8",
"versionStartIncluding": "6.0"
},
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2532A5EF-F419-4D51-BFB0-70AA3269691B",
"versionEndExcluding": "7.1.8",
"versionStartIncluding": "7.0"
},
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5A5B82D-B522-4F3F-B46B-DA1317F75C60",
"versionEndExcluding": "8.0.8",
"versionStartIncluding": "8.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F597127C-D985-43BC-AE13-8E076B270CC4",
"versionEndExcluding": "8.4.1"
}
],
"operator": "OR"
}
]
}
]