CVE-2007-3756

Published: Sep 27, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.

Affected (2)

Products: Apple: Safari

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Safari	All versions

Running on/with	Platform Versions
Apple Iphone Os	Version 1.1.1

Configuration B

1 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Apple Safari	Up to 3.0.3

Running on/with	Platform Versions
Apple Mac Os X	Version 10.4.10
Apple Mac Os X	Version 10.4.1
Apple Mac Os X	Version 10.4.2
Apple Mac Os X	Version 10.4.3
Apple Mac Os X	Version 10.4.4
Apple Mac Os X	Version 10.4.5
Apple Mac Os X	Version 10.4.6
Apple Mac Os X	Version 10.4.7
Apple Mac Os X	Version 10.4.8
Apple Mac Os X	Version 10.4.9
Apple Mac Os X	Version 10.4
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (26)

http://docs.info.apple.com/article.html?artnum=306586

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307041

Source: cve@mitre.org

http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

Source: cve@mitre.org

Patch

http://secunia.com/advisories/26983

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27643

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1018752

Source: cve@mitre.org

http://www.securityfocus.com/bid/25859

Source: cve@mitre.org

http://www.securityfocus.com/bid/26444

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2007/3287

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/3868

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/36855

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306586

Source: af854a3a-2127-422b-91ae-364da2661108

http://docs.info.apple.com/article.html?artnum=307041

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/26983

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27643

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1018752

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25859

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/26444

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/3287

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2007/3868

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/36855

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.