Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1003

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1003
Last Modified 31 Aug 2013 01:42:40
Published 18 Mar 2008 08:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1003

Summary

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

Vulnerable Systems

Application

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.1

  • Apple Safari 1.2

  • Apple Safari 1.3

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2.0

  • Apple Safari 2.0.2

  • Apple Safari 2.0.4

  • Apple Safari 3.0

  • Apple Safari 3.0.1

  • Apple Safari 3.0.2

  • Apple Safari 3.0.3

  • Apple Safari 3.0.4


References

CERT - TA08-079A

APPLE - APPLE-SA-2008-03-18

XF - safari-documentdomain-security-bypass(41334)

VUPEN - ADV-2008-0920

SECTRACK - 1019653

BID - 28330

BID - 28290

SECUNIA - 29393

CONFIRM - http://docs.info.apple.com/article.html?artnum=307563

Related Patches

Apple 2008-03-18 Safari Update 3.1 (Tiger PPC)

Apple 2008-03-18 Safari Update 3.1 (Leopard)

Apple 2008-03-18 Safari Update 3.1 (Tiger Intel)


Last Updated: 27 May 2016 10:46:58