CVE-2007-5858

Published: Dec 19, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.

Affected (1)

Products: Apple: Safari

1 product

Configuration A

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Apple Safari	All versions

Running on/with	Platform Versions
Apple Mac Os X	Version 10.4.11
Apple Mac Os X	Version 10.5.1
Apple Iphone	Version 1.02
Apple Iphone	Version 1.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Ipod Touch	Version 1.1.1
Apple Ipod Touch	Version 1.1.2
Apple Ipod Touch	Version 1.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (26)

http://docs.info.apple.com/article.html?artnum=307178

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307179

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307302

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html

Source: cve@mitre.org

http://secunia.com/advisories/28136

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28497

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1019108

Source: cve@mitre.org

http://www.securityfocus.com/bid/26911

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2007/4238

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0147

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/39091

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307178

Source: af854a3a-2127-422b-91ae-364da2661108

http://docs.info.apple.com/article.html?artnum=307179

Source: af854a3a-2127-422b-91ae-364da2661108

http://docs.info.apple.com/article.html?artnum=307302

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28136

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/28497

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1019108

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/26911

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/4238

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0147

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/39091

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.