CVE-2007-2843

Published: May 24, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.

Affected (1)

Products: Apple: Safari

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Version 2.0.4

References (8)

http://osvdb.org/38859

Source: cve@mitre.org

http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/24121

Source: cve@mitre.org

Exploit

http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/

Source: cve@mitre.org

http://osvdb.org/38859

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24121

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.