CVE-2009-1707

Published: Jun 10, 2009Modified: Apr 23, 2026

1.2

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Exploitability: 1.9 / Impact: 2.9

Source: NVD

Description

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

Affected (12)

Products: Apple: Safari

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 3.2.3
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0
Apple Safari	Version 3.1.1
Apple Safari	Version 3.1.2
Apple Safari	Version 3.1
Apple Safari	Version 3.2.1
Apple Safari	Version 3.2.2
Apple Safari	Version 3.2

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (22)

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: cve@mitre.org

http://osvdb.org/55012

Source: cve@mitre.org

http://secunia.com/advisories/35379

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42314

Source: cve@mitre.org

http://support.apple.com/kb/HT3613

Source: cve@mitre.org

PatchVendor Advisory

http://support.apple.com/kb/HT4456

Source: cve@mitre.org

http://www.securityfocus.com/bid/35260

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/35352

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1522

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/3046

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/55012

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35379

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42314

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3613

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://support.apple.com/kb/HT4456

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35260

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/35352

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1522

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/3046

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.